From fa316e4f37137897af803f6ab0f7761f9026f9a2 Mon Sep 17 00:00:00 2001
From: Mark Gritter <mgritter@gmail.com>
Date: Sun, 7 Nov 2021 02:18:21 -0600
Subject: [PATCH 1/3] New documentation from fstardoc.

---
 docs/FStar.Algebra.CommMonoid.Equiv.html    |   50 +
 docs/FStar.Algebra.CommMonoid.html          |   38 +-
 docs/FStar.Algebra.Monoid.html              |  224 ++-
 docs/FStar.All.html                         |   47 +-
 docs/FStar.BV.html                          |  219 ++-
 docs/FStar.BaseTypes.html                   |   33 +-
 docs/FStar.BigOps.html                      |  289 +++-
 docs/FStar.BitVector.html                   |  251 ++-
 docs/FStar.Bytes.html                       |  327 +++-
 docs/FStar.Calc.html                        |   90 +-
 docs/FStar.Char.html                        |   79 +-
 docs/FStar.Classical.Sugar.html             |  181 ++
 docs/FStar.Classical.html                   |  400 ++++-
 docs/FStar.Date.html                        |   32 +-
 docs/FStar.DependentMap.html                |  269 ++-
 docs/FStar.Dyn.html                         |   37 +-
 docs/FStar.Endianness.html                  |  345 +++-
 docs/FStar.Exn.html                         |   23 +-
 docs/FStar.Fin.html                         |   91 +-
 docs/FStar.Float.html                       |   24 +-
 docs/FStar.FunctionalExtensionality.html    |  244 ++-
 docs/FStar.GSet.html                        |  142 +-
 docs/FStar.Ghost.html                       |  165 +-
 docs/FStar.Heap.html                        |   24 +-
 docs/FStar.HyperStack.All.html              |   40 +-
 docs/FStar.HyperStack.ST.html               |  607 ++++++-
 docs/FStar.HyperStack.html                  |   41 +-
 docs/FStar.IFC.html                         |  182 +-
 docs/FStar.IO.html                          |   69 +-
 docs/FStar.IndefiniteDescription.html       |  106 +-
 docs/FStar.Int.Cast.Full.html               |   36 +-
 docs/FStar.Int.Cast.html                    |  192 ++-
 docs/FStar.Int.html                         |  390 ++++-
 docs/FStar.Int128.html                      |  195 ++-
 docs/FStar.Int16.html                       |  192 ++-
 docs/FStar.Int32.html                       |  192 ++-
 docs/FStar.Int64.html                       |  192 ++-
 docs/FStar.Int8.html                        |  192 ++-
 docs/FStar.Integers.html                    |  540 +++++-
 docs/FStar.LexicographicOrdering.html       |  179 ++
 docs/FStar.List.Pure.Base.html              |  122 +-
 docs/FStar.List.Pure.Properties.html        |  343 +++-
 docs/FStar.List.Pure.html                   |   25 +-
 docs/FStar.List.Tot.Base.html               |  755 +++++++--
 docs/FStar.List.Tot.Properties.html         | 1120 +++++++++++--
 docs/FStar.List.Tot.html                    |   23 +-
 docs/FStar.List.html                        |  494 ++++--
 docs/FStar.MRef.html                        |   49 +-
 docs/FStar.Map.html                         |  175 +-
 docs/FStar.MarkovsPrinciple.html            |   25 +-
 docs/FStar.Math.Euclid.html                 |  112 +-
 docs/FStar.Math.Fermat.html                 |   44 +-
 docs/FStar.Math.Lemmas.html                 |  856 +++++++++-
 docs/FStar.Math.Lib.html                    |  162 +-
 docs/FStar.Modifies.html                    |  811 ++++++++-
 docs/FStar.ModifiesGen.html                 | 1132 ++++++++++++-
 docs/FStar.Monotonic.DependentMap.html      |  309 +++-
 docs/FStar.Monotonic.Heap.html              |  389 ++++-
 docs/FStar.Monotonic.HyperHeap.html         |  156 +-
 docs/FStar.Monotonic.HyperStack.html        |  567 ++++++-
 docs/FStar.Monotonic.Map.html               |  116 +-
 docs/FStar.Monotonic.Pure.html              |   59 +
 docs/FStar.Monotonic.Seq.html               |  439 ++++-
 docs/FStar.Monotonic.Witnessed.html         |   74 +-
 docs/FStar.Mul.html                         |   20 +-
 docs/FStar.Option.html                      |   50 +-
 docs/FStar.OrdSetProps.html                 |   47 +-
 docs/FStar.Order.html                       |   65 +-
 docs/FStar.PCM.html                         |  248 +++
 docs/FStar.Pervasives.Native.html           |  163 +-
 docs/FStar.Pervasives.html                  | 1133 +++++++++++--
 docs/FStar.PredicateExtensionality.html     |   31 +-
 docs/FStar.Preorder.html                    |   29 +-
 docs/FStar.Printf.html                      |  218 ++-
 docs/FStar.PropositionalExtensionality.html |   47 +-
 docs/FStar.Range.html                       |   19 +-
 docs/FStar.Real.html                        |   81 +-
 docs/FStar.Ref.html                         |   69 +-
 docs/FStar.Reflection.Arith.html            |  246 ++-
 docs/FStar.Reflection.Builtins.html         |   92 +
 docs/FStar.Reflection.Const.html            |   70 +-
 docs/FStar.Reflection.Derived.Lemmas.html   |   77 +-
 docs/FStar.Reflection.Derived.html          |  314 +++-
 docs/FStar.Reflection.Formula.html          |  219 ++-
 docs/FStar.Reflection.Types.html            |   35 +-
 docs/FStar.Reflection.html                  |   31 +-
 docs/FStar.ReflexiveTransitiveClosure.html  |  101 +-
 docs/FStar.ST.html                          |  154 +-
 docs/FStar.Seq.Base.html                    |  157 +-
 docs/FStar.Seq.Permutation.html             |   93 +
 docs/FStar.Seq.Properties.html              |  659 +++++++-
 docs/FStar.Seq.Sorted.html                  |  121 +-
 docs/FStar.Seq.html                         |   23 +-
 docs/FStar.Set.html                         |  137 +-
 docs/FStar.Squash.html                      |   99 +-
 docs/FStar.SquashProperties.html            |  153 +-
 docs/FStar.String.html                      |  148 +-
 docs/FStar.StrongExcludedMiddle.html        |   19 +-
 docs/FStar.TSet.html                        |  102 +-
 docs/FStar.Tactics.Arith.html               |   55 +-
 docs/FStar.Tactics.BV.html                  |  192 ++-
 docs/FStar.Tactics.Builtins.html            |  572 +++++--
 docs/FStar.Tactics.Canon.html               |  239 ++-
 docs/FStar.Tactics.CanonCommSemiring.html   | 1675 ++++++++++++++++++-
 docs/FStar.Tactics.CanonCommSwaps.html      |  133 +-
 docs/FStar.Tactics.CanonMonoid.html         |  121 +-
 docs/FStar.Tactics.Common.html              |   19 +
 docs/FStar.Tactics.Derived.html             | 1050 ++++++++++--
 docs/FStar.Tactics.Effect.html              |  173 +-
 docs/FStar.Tactics.Logic.html               |  270 ++-
 docs/FStar.Tactics.PatternMatching.html     |  913 +++++++++-
 docs/FStar.Tactics.Print.html               |   89 +
 docs/FStar.Tactics.Result.html              |   35 +-
 docs/FStar.Tactics.Simplifier.html          |  244 ++-
 docs/FStar.Tactics.SyntaxHelpers.html       |   81 +-
 docs/FStar.Tactics.Typeclasses.html         |  187 ++-
 docs/FStar.Tactics.Types.html               |   55 +-
 docs/FStar.Tactics.Util.html                |  106 +-
 docs/FStar.Tactics.html                     |   62 +-
 docs/FStar.Tcp.html                         |   49 +-
 docs/FStar.UInt.html                        |  516 +++++-
 docs/FStar.UInt128.html                     |  145 +-
 docs/FStar.UInt16.html                      |  380 ++++-
 docs/FStar.UInt32.html                      |  380 ++++-
 docs/FStar.UInt64.html                      |  380 ++++-
 docs/FStar.UInt8.html                       |  381 ++++-
 docs/FStar.Udp.html                         |   44 +-
 docs/FStar.Universe.html                    |   98 +-
 docs/FStar.Util.html                        |   30 +-
 docs/FStar.VConfig.html                     |   48 +
 docs/FStar.Vector.Base.html                 |  413 ++++-
 docs/FStar.Vector.Properties.html           |  104 +-
 docs/FStar.Vector.html                      |   23 +-
 docs/FStar.WellFounded.html                 |  148 +-
 docs/index.html                             |  108 +-
 135 files changed, 26560 insertions(+), 3554 deletions(-)
 create mode 100644 docs/FStar.Algebra.CommMonoid.Equiv.html
 create mode 100644 docs/FStar.Classical.Sugar.html
 create mode 100644 docs/FStar.LexicographicOrdering.html
 create mode 100644 docs/FStar.Monotonic.Pure.html
 create mode 100644 docs/FStar.PCM.html
 create mode 100644 docs/FStar.Reflection.Builtins.html
 create mode 100644 docs/FStar.Seq.Permutation.html
 create mode 100644 docs/FStar.Tactics.Common.html
 create mode 100644 docs/FStar.Tactics.Print.html
 create mode 100644 docs/FStar.VConfig.html

diff --git a/docs/FStar.Algebra.CommMonoid.Equiv.html b/docs/FStar.Algebra.CommMonoid.Equiv.html
new file mode 100644
index 0000000..2bbe1be
--- /dev/null
+++ b/docs/FStar.Algebra.CommMonoid.Equiv.html
@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title>FStar.Algebra.CommMonoid.Equiv</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
+</head>
+<body>
+<h1>
+<a id="user-content-fstaralgebracommmonoidequiv" class="anchor" href="#fstaralgebracommmonoidequiv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Algebra.CommMonoid.Equiv</h1>
+<ul>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unopteq</span>
+<span class="pl-k">type</span> <span class="pl-en">equiv</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">EQ</span> <span class="pl-c1">:</span>
+    <span class="pl-en">eq</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">reflexivity</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">eq</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">symmetry</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">eq</span><span class="pl-c1">`</span> <span class="pl-en">y</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">y</span> <span class="pl-c1">`</span><span class="pl-en">eq</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">)))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">transitivity</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">eq</span><span class="pl-c1">`</span> <span class="pl-en">y</span> <span class="pl-c1">/\</span> <span class="pl-en">y</span> <span class="pl-c1">`</span><span class="pl-en">eq</span><span class="pl-c1">`</span> <span class="pl-en">z</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">eq</span><span class="pl-c1">`</span> <span class="pl-en">z</span><span class="pl-c1">)))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">equiv</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">equality_equiv</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">:</span> <span class="pl-en">equiv</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">EQ</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unopteq</span>
+<span class="pl-k">type</span> <span class="pl-en">cm</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">eq</span><span class="pl-c1">:</span><span class="pl-en">equiv</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">CM</span> <span class="pl-c1">:</span>
+    <span class="pl-c1">unit:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">mult</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">identity</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((unit</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-c1">EQ</span><span class="pl-c1">?.</span><span class="pl-en">eq</span> <span class="pl-en">eq</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">associativity</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+                      <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">y</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-c1">EQ</span><span class="pl-c1">?.</span><span class="pl-en">eq</span> <span class="pl-en">eq</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">y</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">z</span><span class="pl-c1">))))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">commutativity</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-c1">EQ</span><span class="pl-c1">?.</span><span class="pl-en">eq</span> <span class="pl-en">eq</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">y</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">)))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">congruence</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-c1">EQ</span><span class="pl-c1">?.</span><span class="pl-en">eq</span> <span class="pl-en">eq</span><span class="pl-c1">`</span> <span class="pl-en">z</span> <span class="pl-c1">/\</span> <span class="pl-en">y</span> <span class="pl-c1">`</span><span class="pl-c1">EQ</span><span class="pl-c1">?.</span><span class="pl-en">eq</span> <span class="pl-en">eq</span><span class="pl-c1">`</span> <span class="pl-en">w</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">mult</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-c1">EQ</span><span class="pl-c1">?.</span><span class="pl-en">eq</span> <span class="pl-en">eq</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">mult</span> <span class="pl-en">z</span> <span class="pl-en">w</span><span class="pl-c1">))))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">cm</span> <span class="pl-en">a</span> <span class="pl-en">eq</span></pre></div>
+<p>temporarily fixing the universe of this lemma to u#1 because
+otherwise tactics for LowStar.Resource canonicalization fails
+by picking up an incorrect universe u#0 for resource type</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">right_identity</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">aa</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">eq</span><span class="pl-c1">:</span><span class="pl-en">equiv</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">cm</span> <span class="pl-en">a</span> <span class="pl-en">eq</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-c1">CM</span><span class="pl-c1">?.</span><span class="pl-en">mult</span> <span class="pl-en">m</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-c1">CM</span><span class="pl-c1">?.unit</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-c1">EQ</span><span class="pl-c1">?.</span><span class="pl-en">eq</span> <span class="pl-en">eq</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">CM</span><span class="pl-c1">?.</span><span class="pl-en">commutativity</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-c1">CM</span><span class="pl-c1">?.unit</span> <span class="pl-en">m</span><span class="pl-c1">);</span>
+  <span class="pl-c1">CM</span><span class="pl-c1">?.</span><span class="pl-en">identity</span> <span class="pl-en">m</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+  <span class="pl-c1">EQ</span><span class="pl-c1">?.</span><span class="pl-en">transitivity</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-c1">CM</span><span class="pl-c1">?.</span><span class="pl-en">mult</span> <span class="pl-en">m</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-c1">CM</span><span class="pl-c1">?.unit</span> <span class="pl-en">m</span><span class="pl-c1">))</span> <span class="pl-c1">((</span><span class="pl-c1">CM</span><span class="pl-c1">?.unit</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-c1">CM</span><span class="pl-c1">?.</span><span class="pl-en">mult</span> <span class="pl-en">m</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">int_plus_cm</span> <span class="pl-c1">:</span> <span class="pl-en">cm</span> <span class="pl-c1">int</span> <span class="pl-c1">(</span><span class="pl-en">equality_equiv</span> <span class="pl-c1">int)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">CM</span> <span class="pl-c1">0</span> <span class="pl-c1">(+)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">int_multiply_cm</span> <span class="pl-c1">:</span> <span class="pl-en">cm</span> <span class="pl-c1">int</span> <span class="pl-c1">(</span><span class="pl-en">equality_equiv</span> <span class="pl-c1">int)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">CM</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span> * <span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span></pre></div>
+
+</body>
+</html>
diff --git a/docs/FStar.Algebra.CommMonoid.html b/docs/FStar.Algebra.CommMonoid.html
index 9ad4d82..b2d6308 100644
--- a/docs/FStar.Algebra.CommMonoid.html
+++ b/docs/FStar.Algebra.CommMonoid.html
@@ -1,16 +1,34 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Algebra.CommMonoid</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.algebra.commmonoid">module FStar.Algebra.CommMonoid</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstaralgebracommmonoid" class="anchor" href="#fstaralgebracommmonoid" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Algebra.CommMonoid</h1>
+<ul>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unopteq</span>
+<span class="pl-k">type</span> <span class="pl-en">cm</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">CM</span> <span class="pl-c1">:</span>
+    <span class="pl-c1">unit:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">mult</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">identity</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(unit</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">associativity</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+                      <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">y</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">y</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">z</span><span class="pl-c1">)))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">commutativity</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">y</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">cm</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">right_identity</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">cm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+    <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-c1">CM</span><span class="pl-c1">?.</span><span class="pl-en">mult</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-c1">CM</span><span class="pl-c1">?.unit</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">CM</span><span class="pl-c1">?.</span><span class="pl-en">commutativity</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-c1">CM</span><span class="pl-c1">?.unit</span> <span class="pl-en">m</span><span class="pl-c1">);</span> <span class="pl-c1">CM</span><span class="pl-c1">?.</span><span class="pl-en">identity</span> <span class="pl-en">m</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">int_plus_cm</span> <span class="pl-c1">:</span> <span class="pl-en">cm</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">CM</span> <span class="pl-c1">0</span> <span class="pl-c1">(+)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">int_multiply_cm</span> <span class="pl-c1">:</span> <span class="pl-en">cm</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">CM</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span> * <span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Algebra.Monoid.html b/docs/FStar.Algebra.Monoid.html
index 5025187..171b130 100644
--- a/docs/FStar.Algebra.Monoid.html
+++ b/docs/FStar.Algebra.Monoid.html
@@ -1,55 +1,181 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Algebra.Monoid</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.algebra.monoid">module FStar.Algebra.Monoid</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Definition <span class="kw">of</span> a monoid </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Some monoid structures </code></pre></div>
+<h1>
+<a id="user-content-fstaralgebramonoid" class="anchor" href="#fstaralgebramonoid" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Algebra.Monoid</h1>
+<ul>
+<li>
+<p>Opens module <a href="FStar.Classical.html">FStar.Classical</a></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.PropositionalExtensionality.html"> FStar.PropositionalExtensionality</a> as <code>PropExt </code></p>
+</li>
+<li>
+<p>AR: 05/12: adding calls to equational lemmas from PropositionalExtensionality</p>
+</li>
+<li>
+<pre><code>       these should go away with proper prop support
+</code></pre>
+</li>
+<li>
+<pre><code>       also see the comment in PropositionalExtensionality.fst
+</code></pre>
+</li>
+</ul>
+<p>Definition of a monoid</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">right_unitality_lemma</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">u</span><span class="pl-c1">:</span><span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">mult</span><span class="pl-c1">:</span><span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">m</span><span class="pl-c1">).</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">u</span> <span class="pl-c1">==</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">left_unitality_lemma</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">u</span><span class="pl-c1">:</span><span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">mult</span><span class="pl-c1">:</span><span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">m</span><span class="pl-c1">).</span> <span class="pl-en">u</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">associativity_lemma</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">mult</span><span class="pl-c1">:</span><span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">m</span><span class="pl-c1">).</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">y</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">y</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unopteq</span>
+<span class="pl-k">type</span> <span class="pl-en">monoid</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Monoid</span> <span class="pl-c1">:</span>
+    <span class="pl-c1">unit:</span><span class="pl-en">m</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">mult</span><span class="pl-c1">:(</span><span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">right_unitality</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">right_unitality_lemma</span> <span class="pl-en">m</span> <span class="pl-c1">unit</span> <span class="pl-en">mult</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">left_unitality</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">left_unitality_lemma</span> <span class="pl-en">m</span> <span class="pl-c1">unit</span> <span class="pl-en">mult</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">associativity</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">associativity_lemma</span> <span class="pl-en">m</span> <span class="pl-en">mult</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">monoid</span> <span class="pl-en">m</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">intro_monoid</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">u</span><span class="pl-c1">:</span><span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">mult</span><span class="pl-c1">:</span><span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">monoid</span> <span class="pl-en">m</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">right_unitality_lemma</span> <span class="pl-en">m</span> <span class="pl-en">u</span> <span class="pl-en">mult</span> <span class="pl-c1">/\</span> <span class="pl-en">left_unitality_lemma</span> <span class="pl-en">m</span> <span class="pl-en">u</span> <span class="pl-en">mult</span> <span class="pl-c1">/\</span> <span class="pl-en">associativity_lemma</span> <span class="pl-en">m</span> <span class="pl-en">mult</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">mm</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Monoid</span><span class="pl-c1">?.unit</span> <span class="pl-en">mm</span> <span class="pl-c1">==</span> <span class="pl-en">u</span> <span class="pl-c1">/\</span> <span class="pl-c1">Monoid</span><span class="pl-c1">?.</span><span class="pl-en">mult</span> <span class="pl-en">mm</span> <span class="pl-c1">==</span> <span class="pl-en">mult</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span>
+  <span class="pl-c1">Monoid</span> <span class="pl-en">u</span> <span class="pl-en">mult</span> <span class="pl-c1">()</span> <span class="pl-c1">()</span> <span class="pl-c1">()</span></pre></div>
+<p>Some monoid structures</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">nat_plus_monoid</span> <span class="pl-c1">:</span> <span class="pl-en">monoid</span> <span class="pl-c1">nat</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">add</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span> <span class="pl-k">in</span>
+  <span class="pl-en">intro_monoid</span> <span class="pl-c1">nat</span> <span class="pl-c1">0</span> <span class="pl-en">add</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">int_plus_monoid</span> <span class="pl-c1">:</span> <span class="pl-en">monoid</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span>
+  <span class="pl-en">intro_monoid</span> <span class="pl-c1">int</span> <span class="pl-c1">0</span> <span class="pl-c1">(+)</span></pre></div>
+<p>let int_mul_monoid : monoid int =</p>
+<p>intro_monoid int 1 op_Multiply</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">conjunction_monoid</span> <span class="pl-c1">:</span> <span class="pl-en">monoid</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">u</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span> <span class="pl-en">singleton</span> <span class="pl-c1">True</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">q</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">left_unitality_helper</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">u</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">((</span><span class="pl-en">u</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">;</span>
+  <span class="pl-smi">PropExt.</span><span class="pl-en">apply</span> <span class="pl-c1">(</span><span class="pl-en">u</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-en">p</span>
+<span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">right_unitality_helper</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">u</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">u</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">;</span>
+  <span class="pl-smi">PropExt.</span><span class="pl-en">apply</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">u</span><span class="pl-c1">)</span> <span class="pl-en">p</span>
+<span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">associativity_helper</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-en">p2</span> <span class="pl-en">p3</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p2</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p3</span> <span class="pl-c1">==</span> <span class="pl-en">p1</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">p2</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p3</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p2</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p3</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p1</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">p2</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p3</span><span class="pl-c1">))</span> <span class="pl-c1">;</span>
+  <span class="pl-smi">PropExt.</span><span class="pl-en">apply</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p2</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p3</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">p2</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p3</span><span class="pl-c1">))</span>
+<span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">forall_intro</span> <span class="pl-en">right_unitality_helper</span> <span class="pl-c1">;</span>
+<span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">right_unitality_lemma</span> <span class="pl-en">prop</span> <span class="pl-en">u</span> <span class="pl-en">mult</span><span class="pl-c1">)</span> <span class="pl-c1">;</span>
+<span class="pl-en">forall_intro</span> <span class="pl-en">left_unitality_helper</span> <span class="pl-c1">;</span>
+<span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">left_unitality_lemma</span> <span class="pl-en">prop</span> <span class="pl-en">u</span> <span class="pl-en">mult</span><span class="pl-c1">)</span> <span class="pl-c1">;</span>
+<span class="pl-en">forall_intro_3</span> <span class="pl-en">associativity_helper</span><span class="pl-c1">;</span>
+<span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">associativity_lemma</span> <span class="pl-en">prop</span> <span class="pl-en">mult</span><span class="pl-c1">)</span> <span class="pl-c1">;</span>
+<span class="pl-en">intro_monoid</span> <span class="pl-en">prop</span> <span class="pl-en">u</span> <span class="pl-en">mult</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">disjunction_monoid</span> <span class="pl-c1">:</span> <span class="pl-en">monoid</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">u</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span> <span class="pl-en">singleton</span> <span class="pl-c1">False</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span> <span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">q</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">left_unitality_helper</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">u</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">((</span><span class="pl-en">u</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">;</span>
+  <span class="pl-smi">PropExt.</span><span class="pl-en">apply</span> <span class="pl-c1">(</span><span class="pl-en">u</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-en">p</span>
+<span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">right_unitality_helper</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">u</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">u</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">;</span>
+  <span class="pl-smi">PropExt.</span><span class="pl-en">apply</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">u</span><span class="pl-c1">)</span> <span class="pl-en">p</span>
+<span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">associativity_helper</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-en">p2</span> <span class="pl-en">p3</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p2</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p3</span> <span class="pl-c1">==</span> <span class="pl-en">p1</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">p2</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p3</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p2</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p3</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p1</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">p2</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p3</span><span class="pl-c1">))</span> <span class="pl-c1">;</span>
+  <span class="pl-smi">PropExt.</span><span class="pl-en">apply</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p2</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p3</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">p2</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">p3</span><span class="pl-c1">))</span>
+<span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">forall_intro</span> <span class="pl-en">right_unitality_helper</span> <span class="pl-c1">;</span>
+<span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">right_unitality_lemma</span> <span class="pl-en">prop</span> <span class="pl-en">u</span> <span class="pl-en">mult</span><span class="pl-c1">)</span> <span class="pl-c1">;</span>
+<span class="pl-en">forall_intro</span> <span class="pl-en">left_unitality_helper</span> <span class="pl-c1">;</span>
+<span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">left_unitality_lemma</span> <span class="pl-en">prop</span> <span class="pl-en">u</span> <span class="pl-en">mult</span><span class="pl-c1">)</span> <span class="pl-c1">;</span>
+<span class="pl-en">forall_intro_3</span> <span class="pl-en">associativity_helper</span><span class="pl-c1">;</span>
+<span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">associativity_lemma</span> <span class="pl-en">prop</span> <span class="pl-en">mult</span><span class="pl-c1">)</span> <span class="pl-c1">;</span>
+<span class="pl-en">intro_monoid</span> <span class="pl-en">prop</span> <span class="pl-en">u</span> <span class="pl-en">mult</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">bool_and_monoid</span> <span class="pl-c1">:</span> <span class="pl-en">monoid</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">and_</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span> <span class="pl-c1">=</span> <span class="pl-en">b1</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">b2</span> <span class="pl-k">in</span>
+  <span class="pl-en">intro_monoid</span> <span class="pl-c1">bool</span> <span class="pl-c1">true</span> <span class="pl-en">and_</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">bool_or_monoid</span> <span class="pl-c1">:</span> <span class="pl-en">monoid</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">or_</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span> <span class="pl-c1">=</span> <span class="pl-en">b1</span> <span class="pl-c1">||</span> <span class="pl-en">b2</span> <span class="pl-k">in</span>
+  <span class="pl-en">intro_monoid</span> <span class="pl-c1">bool</span> <span class="pl-c1">false</span> <span class="pl-en">or_</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">bool_xor_monoid</span> <span class="pl-c1">:</span> <span class="pl-en">monoid</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">xor</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">b1</span> <span class="pl-c1">||</span> <span class="pl-en">b2</span><span class="pl-c1">)</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">b1</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">b2</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-en">intro_monoid</span> <span class="pl-c1">bool</span> <span class="pl-c1">false</span> <span class="pl-en">xor</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lift_monoid_option</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">monoid</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">option</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x0</span><span class="pl-c1">,</span> <span class="pl-c1">Some</span> <span class="pl-en">y0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">x0</span> <span class="pl-en">y0</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+  <span class="pl-k">in</span>
+  <span class="pl-en">intro_monoid</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span> <span class="pl-en">m</span><span class="pl-c1">.unit)</span> <span class="pl-en">mult</span></pre></div>
+<p>Definition of a morphism of monoid</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">monoid_morphism_unit_lemma</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ma</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">mb</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-c1">Monoid</span><span class="pl-c1">?.unit</span> <span class="pl-en">ma</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">Monoid</span><span class="pl-c1">?.unit</span> <span class="pl-en">mb</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">monoid_morphism_mult_lemma</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ma</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">mb</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">Monoid</span><span class="pl-c1">?.</span><span class="pl-en">mult</span> <span class="pl-en">mb</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-c1">Monoid</span><span class="pl-c1">?.</span><span class="pl-en">mult</span> <span class="pl-en">ma</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">monoid_morphism</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ma</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">mb</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">MonoidMorphism</span> <span class="pl-c1">:</span>
+    <span class="pl-c1">unit:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">monoid_morphism_unit_lemma</span> <span class="pl-en">f</span> <span class="pl-en">ma</span> <span class="pl-en">mb</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">mult</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">monoid_morphism_mult_lemma</span> <span class="pl-en">f</span> <span class="pl-en">ma</span> <span class="pl-en">mb</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">monoid_morphism</span> <span class="pl-en">f</span> <span class="pl-en">ma</span> <span class="pl-en">mb</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">intro_monoid_morphism</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ma</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">mb</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">monoid_morphism</span> <span class="pl-en">f</span> <span class="pl-en">ma</span> <span class="pl-en">mb</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">monoid_morphism_unit_lemma</span> <span class="pl-en">f</span> <span class="pl-en">ma</span> <span class="pl-en">mb</span> <span class="pl-c1">/\</span> <span class="pl-en">monoid_morphism_mult_lemma</span> <span class="pl-en">f</span> <span class="pl-en">ma</span> <span class="pl-en">mb</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span>
+  <span class="pl-c1">MonoidMorphism</span> <span class="pl-c1">()</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">embed_nat_int</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span> <span class="pl-en">n</span>
+<span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">intro_monoid_morphism</span> <span class="pl-en">embed_nat_int</span> <span class="pl-en">nat_plus_monoid</span> <span class="pl-en">int_plus_monoid</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">neg</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span> <span class="pl-c1">~</span><span class="pl-en">p</span>
+<span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-c1">True</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">False</span><span class="pl-c1">)</span> <span class="pl-c1">;</span>
+  <span class="pl-smi">PropExt.</span><span class="pl-en">apply</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">False</span> <span class="pl-c1">;</span>
+  <span class="pl-k">let</span> <span class="pl-en">mult_lemma_helper</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">neg</span> <span class="pl-en">q</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+    <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">neg</span> <span class="pl-en">q</span><span class="pl-c1">))</span> <span class="pl-c1">;</span>
+    <span class="pl-smi">PropExt.</span><span class="pl-en">apply</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">q</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">neg</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+  <span class="pl-k">in</span>
+  <span class="pl-en">forall_intro_2</span> <span class="pl-en">mult_lemma_helper</span> <span class="pl-c1">;</span>
+  <span class="pl-en">intro_monoid_morphism</span> <span class="pl-en">neg</span> <span class="pl-en">conjunction_monoid</span> <span class="pl-en">disjunction_monoid</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-c1">False</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">;</span>
+  <span class="pl-smi">PropExt.</span><span class="pl-en">apply</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-c1">False</span><span class="pl-c1">)</span> <span class="pl-c1">True</span> <span class="pl-c1">;</span>
+  <span class="pl-k">let</span> <span class="pl-en">mult_lemma_helper</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">neg</span> <span class="pl-en">q</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+    <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">neg</span> <span class="pl-en">q</span><span class="pl-c1">))</span> <span class="pl-c1">;</span>
+    <span class="pl-smi">PropExt.</span><span class="pl-en">apply</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">q</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">neg</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">neg</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+  <span class="pl-k">in</span>
+  <span class="pl-en">forall_intro_2</span> <span class="pl-en">mult_lemma_helper</span> <span class="pl-c1">;</span>
+  <span class="pl-en">intro_monoid_morphism</span> <span class="pl-en">neg</span> <span class="pl-en">disjunction_monoid</span> <span class="pl-en">conjunction_monoid</span></pre></div>
+<p>Definition of a left action</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mult_act_lemma</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">mult</span><span class="pl-c1">:</span><span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">act</span><span class="pl-c1">:</span><span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">x'</span><span class="pl-c1">:</span><span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">mult</span><span class="pl-c1">`</span> <span class="pl-en">x'</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">act</span><span class="pl-c1">`</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">act</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">x'</span> <span class="pl-c1">`</span><span class="pl-en">act</span><span class="pl-c1">`</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">unit_act_lemma</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">u</span><span class="pl-c1">:</span><span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">act</span><span class="pl-c1">:</span><span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">u</span> <span class="pl-c1">`</span><span class="pl-en">act</span><span class="pl-c1">`</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">y</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unopteq</span>
+<span class="pl-k">type</span> <span class="pl-en">left_action</span> <span class="pl-c1">(#</span><span class="pl-en">m</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">mm</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">LAct</span> <span class="pl-c1">:</span>
+    <span class="pl-en">act</span><span class="pl-c1">:(</span><span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">mult_lemma</span><span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">mult_act_lemma</span> <span class="pl-en">m</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-c1">Monoid</span><span class="pl-c1">?.</span><span class="pl-en">mult</span> <span class="pl-en">mm</span><span class="pl-c1">)</span> <span class="pl-en">act</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">unit_lemma</span><span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">unit_act_lemma</span> <span class="pl-en">m</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-c1">Monoid</span><span class="pl-c1">?.unit</span> <span class="pl-en">mm</span><span class="pl-c1">)</span> <span class="pl-en">act</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">left_action</span> <span class="pl-en">mm</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">left_action_morphism</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">ma</span> <span class="pl-c1">#</span><span class="pl-en">mb</span><span class="pl-c1">:Type)</span>
+    <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>mf ought to be a monoid morphism but we don't use this fact in the property</p>
+<div class="highlight highlight-source-fstar"><pre>    <span class="pl-c1">(</span><span class="pl-en">mf</span><span class="pl-c1">:</span> <span class="pl-en">ma</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mb</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">mma</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">ma</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">mmb</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">mb</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">la</span><span class="pl-c1">:</span><span class="pl-en">left_action</span> <span class="pl-en">mma</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">lb</span><span class="pl-c1">:</span><span class="pl-en">left_action</span> <span class="pl-en">mmb</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">g</span><span class="pl-c1">:</span><span class="pl-en">ma</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">LAct</span><span class="pl-c1">?.</span><span class="pl-en">act</span> <span class="pl-en">lb</span> <span class="pl-c1">(</span><span class="pl-en">mf</span> <span class="pl-en">g</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-c1">LAct</span><span class="pl-c1">?.</span><span class="pl-en">act</span> <span class="pl-en">la</span> <span class="pl-en">g</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.All.html b/docs/FStar.All.html
index 07a5302..916873b 100644
--- a/docs/FStar.All.html
+++ b/docs/FStar.All.html
@@ -1,16 +1,43 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.All</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.all">module FStar.All</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarall" class="anchor" href="#fstarall" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.All</h1>
+<ul>
+<li>Opens module <a href="FStar.Heap.html">FStar.Heap</a>
+</li>
+<li>Includes module <a href="FStar.ST.html">FStar.ST</a>
+</li>
+<li>Includes module <a href="FStar.Exn.html">FStar.Exn</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">all_pre</span> <span class="pl-c1">=</span> <span class="pl-en">all_pre_h</span> <span class="pl-en">heap</span>
+<span class="pl-k">let</span> <span class="pl-en">all_post'</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">all_post_h'</span> <span class="pl-en">heap</span> <span class="pl-en">a</span> <span class="pl-en">pre</span>
+<span class="pl-k">let</span> <span class="pl-en">all_post</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">all_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span>
+<span class="pl-k">let</span> <span class="pl-en">all_wp</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">all_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span>
+<span class="pl-k">new_effect</span> <span class="pl-c1">ALL</span>  <span class="pl-c1">=</span> <span class="pl-c1">ALL_h</span> <span class="pl-en">heap</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">lift_state_all</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span> <span class="pl-c1">:</span> <span class="pl-en">st_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">:</span> <span class="pl-en">all_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">wp</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-c1">V</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+<span class="pl-en">sub_effect</span> <span class="pl-c1">STATE</span> <span class="pl-c1">~&gt;</span> <span class="pl-c1">ALL</span> <span class="pl-c1">{</span> <span class="pl-en">lift_wp</span> <span class="pl-c1">=</span> <span class="pl-en">lift_state_all</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">lift_exn_all</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span> <span class="pl-c1">:</span> <span class="pl-en">ex_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">:</span> <span class="pl-en">all_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">wp</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">ra</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">ra</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+<span class="pl-en">sub_effect</span> <span class="pl-c1">EXN</span> <span class="pl-c1">~&gt;</span> <span class="pl-c1">ALL</span> <span class="pl-c1">{</span> <span class="pl-en">lift_wp</span> <span class="pl-c1">=</span> <span class="pl-en">lift_exn_all</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">All</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span><span class="pl-en">all_pre</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">all_post'</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">h</span><span class="pl-c1">))))</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">ALL</span> <span class="pl-en">a</span>
+    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">:</span> <span class="pl-en">all_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">ra</span> <span class="pl-en">h1</span><span class="pl-c1">.</span> <span class="pl-en">post</span> <span class="pl-en">h</span> <span class="pl-en">ra</span> <span class="pl-en">h1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">ra</span> <span class="pl-en">h1</span><span class="pl-c1">))</span>
+<span class="pl-en">effect</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-c1">ALL</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">all_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">result</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">h</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-c1">(</span> <span class="pl-c1">|&gt;</span> <span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">x</span>
+<span class="pl-k">let</span> <span class="pl-en">pipe_right</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span> <span class="pl-c1">|&gt;</span> <span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-c1">(</span> &lt;<span class="pl-c1">|</span> <span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">x</span>
+<span class="pl-k">let</span> <span class="pl-en">pipe_left</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span> &lt;<span class="pl-c1">|</span> <span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">exit</span> <span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">try_with</span> <span class="pl-c1">:</span> <span class="pl-c1">(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">exn</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">exception</span> <span class="pl-c1">Failure</span> <span class="pl-en">of</span> <span class="pl-c1">string</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-k">failwith</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">All</span> <span class="pl-smi">'a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">h'</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Err</span><span class="pl-c1">?</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span> <span class="pl-c1">==</span> <span class="pl-en">h'</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.BV.html b/docs/FStar.BV.html
index 9dc5199..fd67022 100644
--- a/docs/FStar.BV.html
+++ b/docs/FStar.BV.html
@@ -1,16 +1,215 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.BV</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.bv">module FStar.BV</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarbv" class="anchor" href="#fstarbv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.BV</h1>
+<blockquote>
+<p>This module defines an abstract type of length-indexed bit
+vectors.  The type and its operations are handled primitively in
+F*'s SMT encoding, which maps them to the SMT sort of bit vectors
+and operations on that sort.</p>
+<p>One way to use this module is in conjuction with
+FStar.Tactics.BV. Its main tactic, <code>bv_tac</code>, converts bitwise
+operations on unsigned integers to operations on bit vectors and
+back using the <code>int2bv / bv2int</code> isomorphism. This can be an
+effective way of discharging such proof obligations for bitwise
+operatoins on integers using the SMT solver's theory of
+bitvectors.</p>
+</blockquote>
+<ul>
+<li>Opens module <a href="FStar.UInt.html">FStar.UInt</a>
+</li>
+</ul>
+<p>for now just opening this for logand, logxor, etc. but we need a better solution.</p>
+<h4>
+<a id="user-content-bv_t" class="anchor" href="#bv_t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bv_t</h4>
+<p>The main type of this module, bit vectors of length <code>n</code>, with
+decidable equality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bv_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">eqtype</span></pre></div>
+<p>Experimental:
+Redefining basic type from UInt to avoid importing UInt
+Reduces verification time by 50% in small examples
+// let max_int (n:nat) : Tot int = pow2 n - 1
+// let min_int (n:nat) : Tot int = 0
+// let fits (x:int) (n:nat) : Tot bool = min_int n &lt;= x &amp;&amp; x &lt;= max_int n
+// let size (x:int) (n:nat) : Tot Type0 = b2t(fits x n)
+// type uint_t' (n:nat) = x:int{size x n}</p>
+<h4>
+<a id="user-content-bv_uext" class="anchor" href="#bv_uext" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bv_uext</h4>
+<p>Extending a bit vector of length <code>n</code> to a larger vector of size
+<code>m+n</code>, filling the extra bits with 0</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bv_uext</span> <span class="pl-c1">(#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">normalize</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">+</span> <span class="pl-en">n</span><span class="pl-c1">)))</span></pre></div>
+<h2>
+<a id="user-content-relating-unsigned-integers-to-bitvectors" class="anchor" href="#relating-unsigned-integers-to-bitvectors" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Relating unsigned integers to bitvectors</h2>
+<h4>
+<a id="user-content-int2bv" class="anchor" href="#int2bv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>int2bv</h4>
+<p>Mapping a bounded unsigned integer of size <code>&lt; 2^n</code>, to a n-length
+bit vector</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">num</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-bv2int" class="anchor" href="#bv2int" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bv2int</h4>
+<p>Mapping a bit vector back to a bounded unsigned integer of size [&lt;
+2^n]</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bv2int</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">vec</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_lemma_1</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_lemma_2</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">int2bv</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inverse_vec_lemma</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">vec</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">vec</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">(</span><span class="pl-en">bv2int</span> <span class="pl-en">vec</span><span class="pl-c1">)))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">(</span><span class="pl-en">bv2int</span> <span class="pl-en">vec</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inverse_num_lemma</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">num</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">num</span> <span class="pl-c1">=</span> <span class="pl-en">bv2int</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">num</span><span class="pl-c1">))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">bv2int</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">num</span><span class="pl-c1">))]</span></pre></div>
+<h2>
+<a id="user-content-relating-lists-to-bitvectors" class="anchor" href="#relating-lists-to-bitvectors" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Relating lists to bitvectors</h2>
+<h4>
+<a id="user-content-list2bv" class="anchor" href="#list2bv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>list2bv</h4>
+<p>Mapping a list of booleans to a bitvector</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">list2bv</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">bool</span> <span class="pl-c1">{</span><span class="pl-smi">List.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-bv2list" class="anchor" href="#bv2list" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bv2list</h4>
+<p>Mapping a bitvector to a list of booleans</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bv2list</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">bool</span> <span class="pl-c1">{</span><span class="pl-smi">List.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">})</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">list2bv_bij</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">bool</span> <span class="pl-c1">{</span><span class="pl-smi">List.</span><span class="pl-en">length</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">True</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">bv2list</span> <span class="pl-c1">(</span><span class="pl-en">list2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bv2list_bij</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">True</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">list2bv</span> <span class="pl-c1">(</span><span class="pl-en">bv2list</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-bitwise-logical-operators" class="anchor" href="#bitwise-logical-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Bitwise logical operators</h2>
+<h4>
+<a id="user-content-bvand" class="anchor" href="#bvand" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bvand</h4>
+<p>Bitwise conjunction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bvand</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_logand</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">bvand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-bvxor" class="anchor" href="#bvxor" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bvxor</h4>
+<p>Bitwise exclusive or</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bvxor</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_logxor</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">bvxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-bvor" class="anchor" href="#bvor" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bvor</h4>
+<p>Bitwise disjunction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bvor</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_logor</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">bvor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-bvnot" class="anchor" href="#bvnot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bvnot</h4>
+<p>Bitwise negation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bvnot</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_lognot</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">bvnot</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-bvshl" class="anchor" href="#bvshl" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bvshl</h4>
+<p>Bitwise shift left</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bvshl</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_shl</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">bvshl</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-bvshr" class="anchor" href="#bvshr" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bvshr</h4>
+<p>Bitwise shift right</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bvshr</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_shr</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">bvshr</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h2>
+<a id="user-content-arithmetic-operations" class="anchor" href="#arithmetic-operations" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Arithmetic operations</h2>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">bv_zero</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">0</span></pre></div>
+<h4>
+<a id="user-content-bvult" class="anchor" href="#bvult" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bvult</h4>
+<p>Inequality on bitvectors</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bvult</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(bool)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_lemma_ult_1</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> &lt; <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">bvult</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_lemma_ult_2</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">bvult</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> &lt; <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-bvadd" class="anchor" href="#bvadd" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bvadd</h4>
+<p>Addition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bvadd</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_add</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">bvadd</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">add_mod</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-bvsub" class="anchor" href="#bvsub" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bvsub</h4>
+<p>Subtraction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bvsub</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_sub</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">bvsub</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">sub_mod</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-bvdiv" class="anchor" href="#bvdiv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bvdiv</h4>
+<p>Division</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bvdiv</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_div</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">{</span><span class="pl-en">y</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">bvdiv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">udiv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-bvmod" class="anchor" href="#bvmod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bvmod</h4>
+<p>Modulus</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bvmod</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_mod</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">{</span><span class="pl-en">y</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">bvmod</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">mod</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-bvmul" class="anchor" href="#bvmul" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bvmul</h4>
+<p>Multiplication modulo</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bvmul</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int2bv_mul</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">#</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">bvmul</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">mul_mod</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.BaseTypes.html b/docs/FStar.BaseTypes.html
index de0c11a..9032e2c 100644
--- a/docs/FStar.BaseTypes.html
+++ b/docs/FStar.BaseTypes.html
@@ -1,16 +1,29 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.BaseTypes</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.basetypes">module FStar.BaseTypes</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarbasetypes" class="anchor" href="#fstarbasetypes" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.BaseTypes</h1>
+<blockquote>
+<p>This module aggregates commonly used primitive type constants into
+a single module, providing abbreviations for them.</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">char</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Char.</span><span class="pl-en">char</span>
+<span class="pl-k">type</span> <span class="pl-en">float</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Float.</span><span class="pl-en">float</span>
+<span class="pl-k">type</span> <span class="pl-en">double</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Float.</span><span class="pl-en">double</span>
+<span class="pl-k">type</span> <span class="pl-en">byte</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-en">byte</span>
+<span class="pl-k">type</span> <span class="pl-en">int8</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-en">t</span>
+<span class="pl-k">type</span> <span class="pl-en">uint8</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-en">t</span>
+<span class="pl-k">type</span> <span class="pl-en">int16</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-en">t</span>
+<span class="pl-k">type</span> <span class="pl-en">uint16</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-en">t</span>
+<span class="pl-k">type</span> <span class="pl-en">int32</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-en">t</span>
+<span class="pl-k">type</span> <span class="pl-en">uint32</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-en">t</span>
+<span class="pl-k">type</span> <span class="pl-en">int64</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-en">t</span>
+<span class="pl-k">type</span> <span class="pl-en">uint64</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-en">t</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.BigOps.html b/docs/FStar.BigOps.html
index 65cfda6..ec8cf93 100644
--- a/docs/FStar.BigOps.html
+++ b/docs/FStar.BigOps.html
@@ -1,16 +1,285 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.BigOps</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.bigops">module FStar.BigOps</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarbigops" class="anchor" href="#fstarbigops" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.BigOps</h1>
+<blockquote>
+<p>This library provides propositional connectives over finite sets
+expressed as lists, aka "big operators", in analogy with LaTeX
+usage for \bigand, \bigor, etc.</p>
+<p>The library is designed with a dual usage in mind:</p>
+<pre><code>1. Normalization: When applied to a list literal, we want
+   ```FStarbig_and f [a;b;c]``` to implicilty reduce to [f a /\ f b /\ f c]
+
+2. Symbolic manipulation: We provide lemmas of the form
+
+   `big_and f l &lt;==&gt; forall x. L.memP x l ==&gt; f x`
+</code></pre>
+<p>In this latter form, partially computing <code>big_and</code> as a fold over
+a list is cumbersome for proof. So, we provide variants <a href="#big_and'"><code>big_and'</code></a>
+etc., that do not reduce implicitly.</p>
+</blockquote>
+<ul>
+<li>Aliases module <a href="FStar.List.Tot.html"> FStar.List.Tot</a> as <code>L </code>
+</li>
+</ul>
+<h4>
+<a id="user-content-reduce" class="anchor" href="#reduce" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a><strong>reduce</strong>
+</h4>
+<p>We control reduction using the <code>delta_attr</code> feature of the
+normalizer. See FStar.Pervasives for how that works. Every term
+that is to be reduced is with the <a href="#__reduce__"><code>__reduce__</code></a> attribute</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">__reduce__</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>We wrap <code>norm</code> with a module-specific custom usage, triggering
+specific reduction steps</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">__reduce__</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">normal</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">FStar.Pervasives.</span><span class="pl-en">norm</span> <span class="pl-c1">[</span>
+      <span class="pl-en">iota</span><span class="pl-c1">;</span>
+      <span class="pl-en">zeta</span><span class="pl-c1">;</span>
+      <span class="pl-en">delta_only</span> <span class="pl-c1">[`</span>%<span class="pl-smi">L.</span><span class="pl-en">fold_right_gtot</span><span class="pl-c1">;</span> <span class="pl-c1">`</span>%<span class="pl-smi">L.</span><span class="pl-en">map_gtot</span><span class="pl-c1">];</span>
+      <span class="pl-en">delta_attr</span> <span class="pl-c1">[`</span>%<span class="pl-en">__reduce__</span><span class="pl-c1">];</span>
+      <span class="pl-en">primops</span><span class="pl-c1">;</span>
+      <span class="pl-en">simplify</span>
+    <span class="pl-c1">]</span>
+    <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-normal_eq" class="anchor" href="#normal_eq" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>normal_eq</h4>
+<p>A useful lemma to relate terms to their implicilty reducing variants</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">normal_eq</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">==</span> <span class="pl-en">normal</span> <span class="pl-en">f</span><span class="pl-c1">)</span></pre></div>
+<h2>
+<a id="user-content-map-and-fold" class="anchor" href="#map-and-fold" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Map and fold</h2>
+<h4>
+<a id="user-content-map_op" class="anchor" href="#map_op" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>map_op'</h4>
+<p>A utility that combines map and fold: <code>map_op' op f l z</code> maps each
+element of <code>l</code> by <code>f</code> and then combines them using <code>op</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">__reduce__</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">map_op'</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">op</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">L.</span><span class="pl-en">fold_right_gtot</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">acc</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">op</span><span class="pl-c1">`</span> <span class="pl-en">acc</span><span class="pl-c1">)</span> <span class="pl-en">z</span></pre></div>
+<h4>
+<a id="user-content-map_op_nil" class="anchor" href="#map_op_nil" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>map_op'_nil</h4>
+<p>Equations for <a href="#map_op'"><code>map_op'</code></a> showing how it folds over the empty list</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map_op'_nil</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">op</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">map_op'</span> <span class="pl-en">op</span> <span class="pl-en">f</span> <span class="pl-c1">[]</span> <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-map_op_cons" class="anchor" href="#map_op_cons" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>map_op'_cons</h4>
+<p>Equations for <a href="#map_op'"><code>map_op'</code></a> showing how it folds over a cons cell</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map_op'_cons</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(</span><span class="pl-en">op</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">c</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">tl</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">map_op'</span> <span class="pl-en">op</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">hd</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">op</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">map_op'</span> <span class="pl-en">op</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-conjunction" class="anchor" href="#conjunction" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Conjunction</h2>
+<h4>
+<a id="user-content-big_and" class="anchor" href="#big_and" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>big_and'</h4>
+<p><code>big_and' f l</code> = <code>/\_{x in l} f x</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">__reduce__</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">big_and'</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span> <span class="pl-en">map_op'</span> <span class="pl-en">l_and</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">True</span></pre></div>
+<h4>
+<a id="user-content-big_and_nil" class="anchor" href="#big_and_nil" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>big_and'_nil</h4>
+<p>Equations for <a href="#big_and'"><code>big_and'</code></a> showing it to be trivial over the empty list</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">big_and'_nil</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">big_and'</span> <span class="pl-en">f</span> <span class="pl-c1">[]</span> <span class="pl-c1">==</span> <span class="pl-c1">True</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-big_and_cons" class="anchor" href="#big_and_cons" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>big_and'_cons</h4>
+<p>Equations for <a href="#big_and'"><code>big_and'</code></a> showing it to be a fold over a list with <code>/\</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">big_and'_cons</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tl</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">big_and'</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-c1">/\</span> <span class="pl-en">big_and'</span> <span class="pl-en">f</span> <span class="pl-en">tl</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-big_and_prop" class="anchor" href="#big_and_prop" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>big_and'_prop</h4>
+<p><code>big_and' f l</code> is a <code>prop</code>, i.e., it is proof irrelevant.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">big_and'_prop</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">big_and'</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">subtype_of</span><span class="pl-c1">`</span> <span class="pl-c1">unit)</span></pre></div>
+<p>Note: defining <a href="#big_and'"><code>big_and'</code></a> to intrinsically be in <code>prop</code>
+is also possible, but it's much more tedious in proofs.</p>
+<p>This is in part because the <code>/\</code> is not defined in prop,
+though one can prove that <code>a /\ b</code> is a prop.</p>
+<p>The discrepancy means that I preferred to prove these
+operators in <code>prop</code> extrinsically.</p>
+<h4>
+<a id="user-content-big_and_forall" class="anchor" href="#big_and_forall" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>big_and'_forall</h4>
+<p>Interpreting the finite conjunction <code>big_and f l</code>
+as an infinite conjunction <code>forall</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">big_and'_forall</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">big_and'</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-smi">L.</span><span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<p><code>big_and f l</code> is an implicitly reducing variant of <a href="#big_and'"><code>big_and'</code></a>
+It is defined in <code>prop</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">__reduce__</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">big_and</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span>
+  <span class="pl-en">big_and'_prop</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-en">normal</span> <span class="pl-c1">(</span><span class="pl-en">big_and'</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<h2>
+<a id="user-content-disjunction" class="anchor" href="#disjunction" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Disjunction</h2>
+<h4>
+<a id="user-content-big_or" class="anchor" href="#big_or" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>big_or'</h4>
+<p><code>big_or f l</code> = <code>\/_{x in l} f x</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">__reduce__</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">big_or'</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span> <span class="pl-en">map_op'</span> <span class="pl-en">l_or</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">False</span></pre></div>
+<h4>
+<a id="user-content-big_or_nil" class="anchor" href="#big_or_nil" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>big_or'_nil</h4>
+<p>Equations for <code>big_or</code> showing it to be <code>False</code> on the empty list</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">big_or'_nil</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">big_or'</span> <span class="pl-en">f</span> <span class="pl-c1">[]</span> <span class="pl-c1">==</span> <span class="pl-c1">False</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-big_or_cons" class="anchor" href="#big_or_cons" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>big_or'_cons</h4>
+<p>Equations for <code>big_or</code> showing it to fold over a list</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">big_or'_cons</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tl</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">big_or'</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-c1">\/</span> <span class="pl-en">big_or'</span> <span class="pl-en">f</span> <span class="pl-en">tl</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-big_or_prop" class="anchor" href="#big_or_prop" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>big_or'_prop</h4>
+<p><code>big_or f l</code> is a <code>prop</code>
+See the remark above on the style of proof for prop</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">big_or'_prop</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">big_or'</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">subtype_of</span><span class="pl-c1">`</span> <span class="pl-c1">unit)</span></pre></div>
+<h4>
+<a id="user-content-big_or_exists" class="anchor" href="#big_or_exists" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>big_or'_exists</h4>
+<p>Interpreting the finite disjunction <code>big_or f l</code>
+as an infinite disjunction <code>exists</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">big_or'_exists</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">big_or'</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-smi">L.</span><span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<p><code>big_or f l</code> is an implicitly reducing variant of <a href="#big_or'"><code>big_or'</code></a>
+It is defined in <code>prop</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">__reduce__</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">big_or</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span>
+  <span class="pl-en">big_or'_prop</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-en">normal</span> <span class="pl-c1">(</span><span class="pl-en">big_or'</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<h2>
+<a id="user-content-pairwise-operators" class="anchor" href="#pairwise-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Pairwise operators</h2>
+<blockquote>
+<p>We provide functions to apply a reflexive, symmetric binary
+operator to elements in a list <code>l</code> pairwise, in a triangle of
+elements in the square matrix of <code>l X l</code>. To illustrate, for a
+list of <code>n</code> elements, we fold the operator over the pairwise
+elements of the list in top-down, left-to-right order of the
+diagram below</p>
+<div class="highlight highlight-source-fstar"><pre> <span class="pl-c1">0</span> <span class="pl-c1">1</span> <span class="pl-c1">2</span> <span class="pl-c1">3</span> <span class="pl-c1">...</span> <span class="pl-en">n</span>
+<span class="pl-c1">0</span>
+<span class="pl-c1">1</span> <span class="pl-en">x</span>
+<span class="pl-c1">2</span> <span class="pl-en">x</span> <span class="pl-en">x</span>
+<span class="pl-c1">3</span> <span class="pl-en">x</span> <span class="pl-en">x</span> <span class="pl-en">x</span>
+<span class="pl-c1">.</span> <span class="pl-en">x</span> <span class="pl-en">x</span> <span class="pl-en">x</span> <span class="pl-en">x</span>
+ <span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">x</span> <span class="pl-en">x</span> <span class="pl-en">x</span>  <span class="pl-c1">```</span></pre></div>
+</blockquote>
+<h4>
+<a id="user-content-pairwise_op" class="anchor" href="#pairwise_op" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pairwise_op'</h4>
+<p>Mapping pairs of elements of <code>l</code> using <code>f</code> and combining them with
+<code>op</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">__reduce__</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">pairwise_op'</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">op</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">map_op'</span> <span class="pl-en">op</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">hd</span><span class="pl-c1">)</span> <span class="pl-en">tl</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">op</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">pairwise_op'</span> <span class="pl-en">op</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-symmetric" class="anchor" href="#symmetric" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>symmetric</h4>
+<p><code>f</code> is a symmetric relation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">symmetric</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">y</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-reflexive" class="anchor" href="#reflexive" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>reflexive</h4>
+<p><code>f</code> is a reflexive relation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">reflexive</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-anti_reflexive" class="anchor" href="#anti_reflexive" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>anti_reflexive</h4>
+<p><code>f</code> is a anti-reflexive relation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">anti_reflexive</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-c1">~(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h2>
+<a id="user-content-pairwise-conjunction" class="anchor" href="#pairwise-conjunction" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Pairwise conjunction</h2>
+<h4>
+<a id="user-content-pairwise_and" class="anchor" href="#pairwise_and" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pairwise_and'</h4>
+<p><code>pairwise_and f l</code> conjoins <code>f</code> on all pairs excluding the diagonal
+i.e.,</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">__reduce__</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">pairwise_and'</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span> <span class="pl-en">pairwise_op'</span> <span class="pl-en">l_and</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">True</span></pre></div>
+<p><code>FStar pairwise_and f [a; b; c] = f a b /\ f a c /\ f b c </code></p>
+<h4>
+<a id="user-content-pairwise_and_nil" class="anchor" href="#pairwise_and_nil" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pairwise_and'_nil</h4>
+<p>Equations for <code>pairwise_and</code> showing it to be a fold with <code>big_and</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pairwise_and'_nil</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0))</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">pairwise_and'</span> <span class="pl-en">f</span> <span class="pl-c1">[]</span> <span class="pl-c1">==</span> <span class="pl-c1">True</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-pairwise_and_cons" class="anchor" href="#pairwise_and_cons" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pairwise_and'_cons</h4>
+<p>Equations for <code>pairwise_and</code> showing it to be a fold with <code>big_and</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pairwise_and'_cons</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0))</span> <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tl</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">pairwise_and'</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">big_and'</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">hd</span><span class="pl-c1">)</span> <span class="pl-en">tl</span> <span class="pl-c1">/\</span> <span class="pl-en">pairwise_and'</span> <span class="pl-en">f</span> <span class="pl-en">tl</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-pairwise_and_prop" class="anchor" href="#pairwise_and_prop" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pairwise_and'_prop</h4>
+<p><code>pairwise_and' f l</code> is a prop
+See the remark above on the style of proof for prop</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pairwise_and'_prop</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">pairwise_and'</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">subtype_of</span><span class="pl-c1">`</span> <span class="pl-c1">unit)</span></pre></div>
+<h4>
+<a id="user-content-pairwise_and_forall" class="anchor" href="#pairwise_and_forall" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pairwise_and'_forall</h4>
+<p><code>pairwise_and' f l</code> for symmetric reflexive relations <code>f</code>
+is interpreted as universal quantification over pairs of list elements *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pairwise_and'_forall</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">symmetric</span> <span class="pl-en">f</span> <span class="pl-c1">/\</span> <span class="pl-en">reflexive</span> <span class="pl-en">f</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">pairwise_and'</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-smi">L.</span><span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-smi">L.</span><span class="pl-en">memP</span> <span class="pl-en">y</span> <span class="pl-en">l</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)))</span></pre></div>
+<h4>
+<a id="user-content-pairwise_and_forall_no_repeats" class="anchor" href="#pairwise_and_forall_no_repeats" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pairwise_and'_forall_no_repeats</h4>
+<p><code>pairwise_and' f l</code> for symmetric relations <code>f</code> interpreted as
+universal quantification over pairs of list of unique elements</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pairwise_and'_forall_no_repeats</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">symmetric</span> <span class="pl-en">f</span> <span class="pl-c1">/\</span> <span class="pl-smi">L.</span><span class="pl-en">no_repeats_p</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">pairwise_and'</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-smi">L.</span><span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-smi">L.</span><span class="pl-en">memP</span> <span class="pl-en">y</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">x</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">y</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)))</span></pre></div>
+<p><code>pairwise_and f l</code> is an implicitly reducing variant of <a href="#pairwise_and'"><code>pairwise_and'</code></a>
+It is defined in <code>prop</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">__reduce__</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">pairwise_and</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pairwise_and'_prop</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-en">normal</span> <span class="pl-c1">(</span><span class="pl-en">pairwise_and'</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<h2>
+<a id="user-content-pairwise-disjunction" class="anchor" href="#pairwise-disjunction" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Pairwise disjunction</h2>
+<h4>
+<a id="user-content-pairwise_or" class="anchor" href="#pairwise_or" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pairwise_or'</h4>
+<p><code>pairwise_or f l</code> disjoins <code>f</code> on all pairs excluding the diagonal
+i.e., <code>pairwise_or f </code>a; b; c<code> = f a b \/ f a c \/ f b c</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">__reduce__</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">pairwise_or'</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span> <span class="pl-en">pairwise_op'</span> <span class="pl-en">l_or</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">False</span></pre></div>
+<h4>
+<a id="user-content-pairwise_or_nil" class="anchor" href="#pairwise_or_nil" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pairwise_or'_nil</h4>
+<p>Equations for <a href="#pairwise_or'"><code>pairwise_or'</code></a> showing it to be a fold with <a href="#big_or'"><code>big_or'</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pairwise_or'_nil</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0))</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">pairwise_or'</span> <span class="pl-en">f</span> <span class="pl-c1">[]</span> <span class="pl-c1">==</span> <span class="pl-c1">False</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-pairwise_or_cons" class="anchor" href="#pairwise_or_cons" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pairwise_or'_cons</h4>
+<p>Equations for <a href="#pairwise_or'"><code>pairwise_or'</code></a> showing it to be a fold with <a href="#big_or'"><code>big_or'</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pairwise_or'_cons</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0))</span> <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tl</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">pairwise_or'</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">big_or'</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">hd</span><span class="pl-c1">)</span> <span class="pl-en">tl</span> <span class="pl-c1">\/</span> <span class="pl-en">pairwise_or'</span> <span class="pl-en">f</span> <span class="pl-en">tl</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-pairwise_or_prop" class="anchor" href="#pairwise_or_prop" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pairwise_or'_prop</h4>
+<p><code>pairwise_or' f l</code> is a prop
+See the remark above on the style of proof for prop</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pairwise_or'_prop</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">pairwise_or'</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">subtype_of</span><span class="pl-c1">`</span> <span class="pl-c1">unit)</span></pre></div>
+<h4>
+<a id="user-content-pairwise_or_exists" class="anchor" href="#pairwise_or_exists" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pairwise_or'_exists</h4>
+<p><code>pairwise_or' f l</code> for symmetric, anti-reflexive relations <code>f</code>
+interpreted as existential quantification over
+pairs of list elements</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pairwise_or'_exists</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">symmetric</span> <span class="pl-en">f</span> <span class="pl-c1">/\</span> <span class="pl-en">anti_reflexive</span> <span class="pl-en">f</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">pairwise_or'</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-smi">L.</span><span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-smi">L.</span><span class="pl-en">memP</span> <span class="pl-en">y</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)))</span></pre></div>
+<h4>
+<a id="user-content-pairwise_or_exists_no_repeats" class="anchor" href="#pairwise_or_exists_no_repeats" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pairwise_or'_exists_no_repeats</h4>
+<p><code>pairwise_or' f l</code> for symmetric, anti-reflexive relations <code>f</code>
+interpreted as existential quantification over
+pairs of list elements</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pairwise_or'_exists_no_repeats</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">symmetric</span> <span class="pl-en">f</span> <span class="pl-c1">/\</span> <span class="pl-smi">L.</span><span class="pl-en">no_repeats_p</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">pairwise_or'</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-smi">L.</span><span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-smi">L.</span><span class="pl-en">memP</span> <span class="pl-en">y</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">x</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">y</span> <span class="pl-c1">/\</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)))</span></pre></div>
+<p><code>pairwise_or f l</code> is an implicitly reducing variant of <a href="#pairwise_or'"><code>pairwise_or'</code></a>
+It is defined in <code>prop</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">__reduce__</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">pairwise_or</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pairwise_or'_prop</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-en">normal</span> <span class="pl-c1">(</span><span class="pl-en">pairwise_or'</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.BitVector.html b/docs/FStar.BitVector.html
index 36d94b5..5eebfc4 100644
--- a/docs/FStar.BitVector.html
+++ b/docs/FStar.BitVector.html
@@ -1,61 +1,202 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.BitVector</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.bitvector">module FStar.BitVector</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (is_subset_vec (#n:pos) (a:bv_t n) (b:bv_t n)):forall i:nat.{:pattern } ==&gt;(&lt;(i, n), ==&gt;(=(index b i, <span class="kw">false</span>), =(index a i, <span class="kw">false</span>)))</code></pre></div>
-<p>is_subset_vec is the property that the zero bits of b are also zero in a. I.e. that a is a subset of b.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (is_superset_vec (#n:pos) (a:bv_t n) (b:bv_t n)):forall i:nat.{:pattern } ==&gt;(&lt;(i, n), ==&gt;(=(index b i, <span class="kw">true</span>), =(index a i, <span class="kw">true</span>)))</code></pre></div>
-<p>is_superset_vec is the property that the non-zero bits of b are also non-zero in a. I.e. that a is a superset of b.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> lemma_slice_subset_vec:Unidentified product: [#n:pos] Unidentified product: [a:bv_t n] Unidentified product: [b:bv_t n] Unidentified product: [i:nat] Unidentified product: [j:j:nat:{&amp;&amp;(&lt;(i, j), &lt;=(j, n))}] (Lemma ((requires is_subset_vec a b)) ((ensures (<span class="kw">match</span> n <span class="kw">with</span> <span class="dv">1</span>  -&gt; True | _  -&gt; is_subset_vec #(-(j, i)) (slice a i j) (slice b i j)))))</code></pre></div>
-<p>lemma_slice_subset_vec proves that the subset property is conserved in subslices.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> lemma_slice_superset_vec:Unidentified product: [#n:pos] Unidentified product: [a:bv_t n] Unidentified product: [b:bv_t n] Unidentified product: [i:nat] Unidentified product: [j:j:nat:{&amp;&amp;(&lt;(i, j), &lt;=(j, n))}] (Lemma ((requires is_superset_vec a b)) ((ensures (<span class="kw">match</span> n <span class="kw">with</span> <span class="dv">1</span>  -&gt; True | _  -&gt; is_superset_vec #(-(j, i)) (slice a i j) (slice b i j)))))</code></pre></div>
-<p>lemma_slice_superset_vec proves that the superset property is conserved in subslices.</p>
+<h1>
+<a id="user-content-fstarbitvector" class="anchor" href="#fstarbitvector" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.BitVector</h1>
+<blockquote>
+<p>This module defines a bit vector as a sequence of booleans of a
+given length, and provides various utilities.</p>
+<p>NOTE: THE TYPE <a href="#bv_t"><code>bv_t</code></a> DEFINED IS UNRELATED TO THE SMT SOLVER'S
+THEORY OF BIT VECTORS. SEE <code>FStar.BV</code> FOR THAT.</p>
+<p>TODO: We might rename this module to FStar.Seq.Boolean?</p>
+</blockquote>
+<ul>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+<li>Opens module <a href="FStar.Seq.html">FStar.Seq</a>
+</li>
+</ul>
+<h4>
+<a id="user-content-bv_t" class="anchor" href="#bv_t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bv_t</h4>
+<p><code>bv_t n</code> is just a sequence of booleans of length <code>n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">bv_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">=</span> <span class="pl-en">vec</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-c1">bool</span> <span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">vec</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">}</span></pre></div>
+<h2>
+<a id="user-content-common-constants" class="anchor" href="#common-constants" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Common constants</h2>
+<h4>
+<a id="user-content-zero_vec" class="anchor" href="#zero_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>zero_vec</h4>
+<p>A length <code>n</code> zero vector</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">zero_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">create</span> <span class="pl-en">n</span> <span class="pl-c1">false</span></pre></div>
+<h4>
+<a id="user-content-elem_vec" class="anchor" href="#elem_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>elem_vec</h4>
+<p>A vector of length <code>n</code> whose <code>i</code>th bit is set, only</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">elem_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">create</span> <span class="pl-en">n</span> <span class="pl-c1">false</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">true</span></pre></div>
+<h4>
+<a id="user-content-ones_vec" class="anchor" href="#ones_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ones_vec</h4>
+<p>A length <code>n</code> vector all of whose bits are set</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ones_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">create</span> <span class="pl-en">n</span> <span class="pl-c1">true</span></pre></div>
+<h4>
+<a id="user-content-logand_vec" class="anchor" href="#logand_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logand_vec</h4>
+<p>Bitwise logical and</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">logand_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span>
+  <span class="pl-k">then</span> <span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">index</span> <span class="pl-en">b</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+  <span class="pl-k">else</span> <span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">index</span> <span class="pl-en">b</span> <span class="pl-c1">0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">logand_vec</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-logand_vec_definition" class="anchor" href="#logand_vec_definition" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logand_vec_definition</h4>
+<p><code>logand</code> defined in terms of its indexing behavior</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">logand_vec_definition</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">logand_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-en">i</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">index</span> <span class="pl-en">b</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">logand_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">()</span> <span class="pl-k">else</span> <span class="pl-en">logand_vec_definition</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-logxor_vec" class="anchor" href="#logxor_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logxor_vec</h4>
+<p>Bitwise logical exclusive or</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">logxor_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span>
+  <span class="pl-k">then</span> <span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> &lt;&gt; <span class="pl-en">index</span> <span class="pl-en">b</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+  <span class="pl-k">else</span> <span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> &lt;&gt; <span class="pl-en">index</span> <span class="pl-en">b</span> <span class="pl-c1">0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">logxor_vec</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-logxor_vec_definition" class="anchor" href="#logxor_vec_definition" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logxor_vec_definition</h4>
+<p><code>logxor</code> defined in terms of its indexing behavior</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">logxor_vec_definition</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">logxor_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-en">i</span> &lt;&gt; <span class="pl-en">index</span> <span class="pl-en">b</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">logxor_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">()</span> <span class="pl-k">else</span> <span class="pl-en">logxor_vec_definition</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-logor_vec" class="anchor" href="#logor_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logor_vec</h4>
+<p>Bitwise logical or</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">logor_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span>
+  <span class="pl-k">then</span> <span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-c1">||</span> <span class="pl-en">index</span> <span class="pl-en">b</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+  <span class="pl-k">else</span> <span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-c1">||</span> <span class="pl-en">index</span> <span class="pl-en">b</span> <span class="pl-c1">0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">logor_vec</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-logor_vec_definition" class="anchor" href="#logor_vec_definition" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logor_vec_definition</h4>
+<p><code>logor</code> defined in terms of its indexing behavior</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">logor_vec_definition</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">logor_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-en">i</span> <span class="pl-c1">||</span> <span class="pl-en">index</span> <span class="pl-en">b</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">logor_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">()</span> <span class="pl-k">else</span> <span class="pl-en">logor_vec_definition</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lognot_vec" class="anchor" href="#lognot_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lognot_vec</h4>
+<p>Bitwise negation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lognot_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span>
+  <span class="pl-k">then</span> <span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span><span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">0</span><span class="pl-c1">))</span>
+  <span class="pl-k">else</span> <span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span><span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">0</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">lognot_vec</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-lognot_vec_definition" class="anchor" href="#lognot_vec_definition" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lognot_vec_definition</h4>
+<p><code>lognot</code> defined in terms of its indexing behavior</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lognot_vec_definition</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">lognot_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">lognot_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">()</span> <span class="pl-k">else</span> <span class="pl-en">lognot_vec_definition</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<p>Bitwise lemmas</p>
+<h4>
+<a id="user-content-lemma_xor_bounded" class="anchor" href="#lemma_xor_bounded" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_xor_bounded</h4>
+<p>If both <code>x</code> and <code>y</code> are false at a given index <code>i</code>, then so is they logical xor at <code>i</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_xor_bounded</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">m</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span>
+        <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat).</span>
+            <span class="pl-c1">(</span><span class="pl-en">i</span> &lt; <span class="pl-en">m</span> <span class="pl-c1">/\</span> <span class="pl-en">i</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span>
+            <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-c1">-</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span> <span class="pl-c1">/\</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-c1">-</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span>
+        <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat).</span> <span class="pl-c1">(</span><span class="pl-en">i</span> &lt; <span class="pl-en">m</span> <span class="pl-c1">/\</span> <span class="pl-en">i</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">logxor_vec</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-c1">-</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-is_subset_vec" class="anchor" href="#is_subset_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>is_subset_vec</h4>
+<p>The property that the zero bits of b are also zero in a.
+I.e. that a is a subset of b.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_subset_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat).</span> <span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">index</span> <span class="pl-en">b</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span></pre></div>
+<h4>
+<a id="user-content-is_superset_vec" class="anchor" href="#is_superset_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>is_superset_vec</h4>
+<p>The property that the non-zero bits of b are also non-zero in a.
+I.e. that a is a superset of b.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_superset_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat).</span> <span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">index</span> <span class="pl-en">b</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span></pre></div>
+<h4>
+<a id="user-content-lemma_slice_subset_vec" class="anchor" href="#lemma_slice_subset_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_slice_subset_vec</h4>
+<p>Proves that the subset property is conserved in subslices.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_slice_subset_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">is_subset_vec</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span>
+        <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">n</span> <span class="pl-k">with</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">is_subset_vec</span> <span class="pl-c1">#(</span><span class="pl-en">j</span> <span class="pl-c1">-</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-lemma_slice_superset_vec" class="anchor" href="#lemma_slice_superset_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_slice_superset_vec</h4>
+<p>Proves that the superset property is conserved in subslices.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_slice_superset_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">is_superset_vec</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span>
+        <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">n</span> <span class="pl-k">with</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">is_superset_vec</span> <span class="pl-c1">#(</span><span class="pl-en">j</span> <span class="pl-c1">-</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h2>
+<a id="user-content-shift-operators" class="anchor" href="#shift-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Shift operators</h2>
+<p>Note: the shift amount is extracted as a bitvector
+NS: Not sure what this remark means.</p>
+<h4>
+<a id="user-content-shift_left_vec" class="anchor" href="#shift_left_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_left_vec</h4>
+<p>Shift <code>a</code> left by <code>s</code> bits, filling with zeroes</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_left_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">s</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-k">then</span> <span class="pl-en">zero_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-en">a</span> <span class="pl-k">else</span> <span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">zero_vec</span> <span class="pl-c1">#</span><span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-shift_left_vec_lemma_1" class="anchor" href="#shift_left_vec_lemma_1" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_left_vec_lemma_1</h4>
+<p>The fill bits of a shift left are zero</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_left_vec_lemma_1</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">shift_left_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span><span class="pl-c1">)</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">shift_left_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-shift_left_vec_lemma_2" class="anchor" href="#shift_left_vec_lemma_2" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_left_vec_lemma_2</h4>
+<p>Relating the indexes of the shifted vector to the original</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_left_vec_lemma_2</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">shift_left_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">shift_left_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-shift_right_vec" class="anchor" href="#shift_right_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_right_vec</h4>
+<p>Shift <code>a</code> right by <code>s</code> bits, filling with zeroes</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_right_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">s</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-k">then</span> <span class="pl-en">zero_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-en">a</span> <span class="pl-k">else</span> <span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">zero_vec</span> <span class="pl-c1">#</span><span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-shift_right_vec_lemma_1" class="anchor" href="#shift_right_vec_lemma_1" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_right_vec_lemma_1</h4>
+<p>The fill bits of a shift right are zero</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_right_vec_lemma_1</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &lt; <span class="pl-en">s</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">shift_right_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span><span class="pl-c1">)</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">shift_right_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-shift_right_vec_lemma_2" class="anchor" href="#shift_right_vec_lemma_2" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_right_vec_lemma_2</h4>
+<p>Relating the indexes of the shifted vector to the original</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_right_vec_lemma_2</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">s</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">shift_right_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">shift_right_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-shift_arithmetic_right_vec" class="anchor" href="#shift_arithmetic_right_vec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_arithmetic_right_vec</h4>
+<p>Arithmetic shift right of <code>a</code>, interpreting position <code>0</code> as the
+most-significant bit, and using its value to fill</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_arithmetic_right_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">0</span>
+  <span class="pl-k">then</span> <span class="pl-k">if</span> <span class="pl-en">s</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-k">then</span> <span class="pl-en">ones_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-en">a</span> <span class="pl-k">else</span> <span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">ones_vec</span> <span class="pl-c1">#</span><span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-k">else</span> <span class="pl-en">shift_right_vec</span> <span class="pl-en">a</span> <span class="pl-en">s</span></pre></div>
+<h4>
+<a id="user-content-shift_arithmetic_right_vec_lemma_1" class="anchor" href="#shift_arithmetic_right_vec_lemma_1" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_arithmetic_right_vec_lemma_1</h4>
+<p>The fill bits of arithmetic shift right is the value of its
+most-significant bit (position zero)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_arithmetic_right_vec_lemma_1</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &lt; <span class="pl-en">s</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">shift_arithmetic_right_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">shift_arithmetic_right_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-shift_arithmetic_right_vec_lemma_2" class="anchor" href="#shift_arithmetic_right_vec_lemma_2" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_arithmetic_right_vec_lemma_2</h4>
+<p>Relating the indexes of the shifted vector to the original</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_arithmetic_right_vec_lemma_2</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">s</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">shift_arithmetic_right_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">shift_arithmetic_right_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Bytes.html b/docs/FStar.Bytes.html
index ead489d..58c57fb 100644
--- a/docs/FStar.Bytes.html
+++ b/docs/FStar.Bytes.html
@@ -1,70 +1,283 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Bytes</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.bytes">module FStar.Bytes</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">typeabbrev </code></pre></div>
+<h1>
+<a id="user-content-fstarbytes" class="anchor" href="#fstarbytes" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Bytes</h1>
+<p>A standard library for manipulation of value bytes.</p>
+<p>This model is realized by Bytes.bytes in OCaml and by
+struct {uintX_t size; char *bytes} (or similar) in C.</p>
+<p>This file is essentially a specialized version of FStar.Seq,
+with lemmas and refinements taylored for typical operations on
+bytes, and with support for machine integers and C-extractible versions
+(which Seq does not provide.)</p>
+<p>@summary Value bytes standard library</p>
+<ul>
+<li>Aliases module <a href="FStar.Seq.html"> FStar.Seq</a> as <code>S </code>
+</li>
+<li>Aliases module <a href="FStar.UInt.html"> FStar.UInt</a> as <code>U </code>
+</li>
+<li>Aliases module <a href="FStar.UInt8.html"> FStar.UInt8</a> as <code>U8 </code>
+</li>
+<li>Aliases module <a href="FStar.UInt16.html"> FStar.UInt16</a> as <code>U16 </code>
+</li>
+<li>Aliases module <a href="FStar.UInt32.html"> FStar.UInt32</a> as <code>U32 </code>
+</li>
+<li>Aliases module <a href="FStar.UInt64.html"> FStar.UInt64</a> as <code>U64 </code>
+</li>
+<li>Aliases module <a href="FStar.String.html"> FStar.String</a> as <code>Str </code>
+</li>
+<li>Aliases module <a href="FStar.Char.html"> FStar.Char</a> as <code>Chr </code>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">u8</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">t</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">u16</span> <span class="pl-c1">=</span> <span class="pl-smi">U16.</span><span class="pl-en">t</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">u32</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">t</span></pre></div>
+<h4>
+<a id="user-content-byte" class="anchor" href="#byte" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>byte</h4>
 <p>Realized by uint8_t in C and int in OCaml (char does not have necessary operators...)</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> bytes:t:Type0:{hasEq t}</code></pre></div>
-<p>Realized in C by a pair of a length field and uint8_t* in C Realized in OCaml by a string</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> reveal:Unidentified product: [bytes] (GTot (S<span class="kw">.</span><span class="dt">seq</span> <span class="dt">byte</span>))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">type</span> <span class="pl-en">byte</span> <span class="pl-c1">=</span> <span class="pl-en">u8</span></pre></div>
+<h4>
+<a id="user-content-bytes" class="anchor" href="#bytes" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bytes</h4>
+<p>Realized in C by a pair of a length field and uint8_t* in C
+Realized in OCaml by a string</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bytes</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">:Type0{</span><span class="pl-k">hasEq</span> <span class="pl-en">t</span><span class="pl-c1">}</span>
+<span class="pl-k">val</span> <span class="pl-en">len</span> <span class="pl-c1">:</span> <span class="pl-en">bytes</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">u32</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">len</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-reveal" class="anchor" href="#reveal" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>reveal</h4>
 <p>representation for specs that need lemmas not defined here.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> get:Unidentified product: [b:bytes] Unidentified product: [pos:pos:u32:{&lt;(U32<span class="kw">.</span>v pos, length b)}] (Pure <span class="dt">byte</span> ((requires True)) ((ensures ((<span class="kw">fun</span> y -&gt; ==(y, S<span class="kw">.</span>index (reveal b) (U32<span class="kw">.</span>v pos)))))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal</span><span class="pl-c1">:</span>
+    <span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-en">byte</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">length_reveal</span><span class="pl-c1">:</span>
+    <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">))];</span>
+                     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">len</span> <span class="pl-en">x</span><span class="pl-c1">)]]]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">hide</span><span class="pl-c1">:</span>
+    <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-en">byte</span><span class="pl-c1">{</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">bytes</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">hide_reveal</span><span class="pl-c1">:</span>
+    <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">hide</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal_hide</span><span class="pl-c1">:</span>
+    <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-en">byte</span><span class="pl-c1">{</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">x</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-c1">(</span><span class="pl-en">hide</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">hide</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">lbytes</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">l</span><span class="pl-c1">}</span>
+<span class="pl-k">type</span> <span class="pl-en">kbytes</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">b</span> &lt; <span class="pl-en">pow2</span> <span class="pl-en">k</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lbytes32</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">len</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">l</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">empty_bytes</span> <span class="pl-c1">:</span> <span class="pl-en">lbytes</span> <span class="pl-c1">0</span>
+<span class="pl-k">val</span> <span class="pl-en">empty_unique</span><span class="pl-c1">:</span>
+    <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">empty_bytes</span><span class="pl-c1">)</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">len</span> <span class="pl-en">b</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-get" class="anchor" href="#get" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>get</h4>
 <p>If you statically know the length, it is OK to read at arbitrary indexes</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> create:Unidentified product: [len:u32] Unidentified product: [v:<span class="dt">byte</span>] b:lbytes (U32<span class="kw">.</span>v len):{forall i:i:u32:{<span class="kw">let</span> <span class="ot">open</span> U32 <span class="kw">in</span> &lt;^(i, len)}.{:pattern .[](b, i)} ==(.[](b, i), v)}</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">get</span><span class="pl-c1">:</span>
+    <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">pos:</span><span class="pl-en">u32</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-c1">pos</span> &lt; <span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">byte</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-c1">pos)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_String_Access</span> <span class="pl-c1">=</span> <span class="pl-en">get</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">get</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">i</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">equal</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span> <span class="pl-c1">=</span>
+  <span class="pl-en">length</span> <span class="pl-en">b1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">b2</span> <span class="pl-c1">/\</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">u32</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">b1</span><span class="pl-c1">}).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">b1</span><span class="pl-c1">.[</span><span class="pl-en">i</span><span class="pl-c1">]);</span> <span class="pl-c1">(</span><span class="pl-en">b2</span><span class="pl-c1">.[</span><span class="pl-en">i</span><span class="pl-c1">])}</span> <span class="pl-en">b1</span><span class="pl-c1">.[</span><span class="pl-en">i</span><span class="pl-c1">]</span> <span class="pl-c1">==</span> <span class="pl-en">b2</span><span class="pl-c1">.[</span><span class="pl-en">i</span><span class="pl-c1">])</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">extensionality</span><span class="pl-c1">:</span>
+    <span class="pl-en">b1</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b2</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">))</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">b1</span> <span class="pl-c1">=</span> <span class="pl-en">b2</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-create" class="anchor" href="#create" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>create</h4>
 <p>creating byte values *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> append:Unidentified product: [b1:bytes] Unidentified product: [b2:bytes] (Pure bytes ((requires (UInt<span class="kw">.</span>size (+(length b1, length b2)) U32<span class="kw">.</span>n))) ((ensures ((<span class="kw">fun</span> b -&gt; ==(reveal b, S<span class="kw">.</span>append (reveal b1) (reveal b2)))))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">create</span><span class="pl-c1">:</span>
+    <span class="pl-en">len</span><span class="pl-c1">:</span><span class="pl-en">u32</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">byte</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">lbytes</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">len</span><span class="pl-c1">){</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">u32</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">i</span> &lt;<span class="pl-c1">^</span> <span class="pl-en">len</span><span class="pl-c1">)}).{:pattern</span> <span class="pl-en">b</span><span class="pl-c1">.[</span><span class="pl-en">i</span><span class="pl-c1">]}</span> <span class="pl-en">b</span><span class="pl-c1">.[</span><span class="pl-en">i</span><span class="pl-c1">]</span> <span class="pl-c1">==</span> <span class="pl-en">v</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">create_</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-smi">FStar.UInt.</span><span class="pl-en">size</span> <span class="pl-en">n</span> <span class="pl-smi">U32.</span><span class="pl-en">n</span><span class="pl-c1">})</span> <span class="pl-en">v</span> <span class="pl-c1">=</span> <span class="pl-en">create</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">v</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">init</span><span class="pl-c1">:</span>
+    <span class="pl-en">len</span><span class="pl-c1">:</span><span class="pl-en">u32</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">u32</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">i</span> &lt;<span class="pl-c1">^</span> <span class="pl-en">len</span><span class="pl-c1">)}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">byte</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">lbytes</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">len</span><span class="pl-c1">){</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">u32</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">i</span> &lt;<span class="pl-c1">^</span> <span class="pl-en">len</span><span class="pl-c1">)}).{:pattern</span> <span class="pl-en">b</span><span class="pl-c1">.[</span><span class="pl-en">i</span><span class="pl-c1">]}</span> <span class="pl-en">b</span><span class="pl-c1">.[</span><span class="pl-en">i</span><span class="pl-c1">]</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-en">i</span><span class="pl-c1">}</span></pre></div>
+<p>this is a hack JROESCH
+admit () create 1ul b</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">abyte</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">byte</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">lbytes</span> <span class="pl-c1">1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">twobytes</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">byte</span>*<span class="pl-en">byte</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">lbytes</span> <span class="pl-c1">2</span></pre></div>
+<p>init 2ul (fun i -&gt; if i = 0ul then fst b else snd b)</p>
+<h4>
+<a id="user-content-append" class="anchor" href="#append" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>append</h4>
 <p>appending bytes *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (fits_in_k_bytes (n:nat) (k:nat)):FStar<span class="kw">.</span>UInt<span class="kw">.</span>size n (op_Multiply <span class="dv">8</span> k)</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append</span><span class="pl-c1">:</span>
+    <span class="pl-en">b1</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b2</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">bytes</span>
+         <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt.</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">b1</span> <span class="pl-c1">+</span> <span class="pl-en">length</span> <span class="pl-en">b2</span><span class="pl-c1">)</span> <span class="pl-smi">U32.</span><span class="pl-en">n</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">reveal</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-smi">S.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">b1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">b2</span><span class="pl-c1">)))</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_At_Bar</span> <span class="pl-c1">=</span> <span class="pl-en">append</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">slice</span><span class="pl-c1">:</span>
+    <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">u32</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">e</span><span class="pl-c1">:</span><span class="pl-en">u32</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">s</span> &lt;<span class="pl-c1">=^</span> <span class="pl-en">e</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">e</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">reveal</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">e</span><span class="pl-c1">)}</span>
+<span class="pl-k">let</span> <span class="pl-en">slice_</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:nat{</span><span class="pl-en">s</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">e</span> <span class="pl-c1">/\</span> <span class="pl-en">e</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">e</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub</span><span class="pl-c1">:</span>
+    <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">u32</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">u32</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> <span class="pl-c1">+</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">l</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">reveal</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> <span class="pl-c1">+</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">l</span><span class="pl-c1">)}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">split</span><span class="pl-c1">:</span>
+    <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">u32</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">k</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">bytes</span>*<span class="pl-en">bytes</span><span class="pl-c1">){</span>
+     <span class="pl-k">let</span> <span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">p</span> <span class="pl-k">in</span>
+     <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">reveal</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">split</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">k</span><span class="pl-c1">)}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">split_</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-smi">FStar.UInt.</span><span class="pl-en">size</span> <span class="pl-en">k</span> <span class="pl-smi">U32.</span><span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-en">k</span> &lt; <span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">split</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">k</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-fits_in_k_bytes" class="anchor" href="#fits_in_k_bytes" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>fits_in_k_bytes</h4>
 <p>Interpret a sequence of bytes as a mathematical integer encoded in big endian *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> repr_bytes:Unidentified product: [n:nat] k:pos:{fits_in_k_bytes n k}</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fits_in_k_bytes</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">size</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">op_Multiply</span> <span class="pl-c1">8</span> <span class="pl-en">k</span><span class="pl-c1">)</span>
+<span class="pl-k">type</span> <span class="pl-en">uint_k</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">fits_in_k_bytes</span> <span class="pl-en">n</span> <span class="pl-en">k</span><span class="pl-c1">}</span></pre></div>
+<h4>
+<a id="user-content-repr_bytes" class="anchor" href="#repr_bytes" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>repr_bytes</h4>
 <p>repr_bytes n: The number of bytes needed to represent a nat *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> A better implementation <span class="kw">of</span> BufferBytes, formerly found <span class="kw">in</span> miTLS </code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">repr_bytes</span><span class="pl-c1">:</span>
+    <span class="pl-en">n</span><span class="pl-c1">:nat</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:pos{</span><span class="pl-en">fits_in_k_bytes</span> <span class="pl-en">n</span> <span class="pl-en">k</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_repr_bytes_values</span><span class="pl-c1">:</span>
+    <span class="pl-en">n</span><span class="pl-c1">:nat</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span> <span class="pl-k">let</span> <span class="pl-en">k</span> <span class="pl-c1">=</span> <span class="pl-en">repr_bytes</span> <span class="pl-en">n</span> <span class="pl-k">in</span>
+                     <span class="pl-k">if</span> <span class="pl-en">n</span> &lt; <span class="pl-c1">256</span> <span class="pl-k">then</span> <span class="pl-en">k</span><span class="pl-c1">==</span><span class="pl-c1">1</span>
+                     <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">n</span> &lt; <span class="pl-c1">65536</span> <span class="pl-k">then</span> <span class="pl-en">k</span><span class="pl-c1">==</span><span class="pl-c1">2</span>
+                     <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">n</span> &lt; <span class="pl-c1">16777216</span> <span class="pl-k">then</span> <span class="pl-en">k</span><span class="pl-c1">==</span><span class="pl-c1">3</span>
+                     <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">n</span> &lt; <span class="pl-c1">4294967296</span> <span class="pl-k">then</span> <span class="pl-en">k</span><span class="pl-c1">==</span><span class="pl-c1">4</span>
+                     <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">n</span> &lt; <span class="pl-c1">1099511627776</span> <span class="pl-k">then</span> <span class="pl-en">k</span><span class="pl-c1">==</span><span class="pl-c1">5</span>
+                     <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">n</span> &lt; <span class="pl-c1">281474976710656</span> <span class="pl-k">then</span> <span class="pl-en">k</span><span class="pl-c1">==</span><span class="pl-c1">6</span>
+                     <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">n</span> &lt; <span class="pl-c1">72057594037927936</span> <span class="pl-k">then</span> <span class="pl-en">k</span><span class="pl-c1">==</span><span class="pl-c1">7</span>
+                     <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">n</span> &lt; <span class="pl-c1">18446744073709551616</span> <span class="pl-k">then</span> <span class="pl-en">k</span><span class="pl-c1">==</span><span class="pl-c1">8</span>
+                     <span class="pl-k">else</span> <span class="pl-c1">True</span> <span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">repr_bytes</span> <span class="pl-en">n</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">repr_bytes_size</span><span class="pl-c1">:</span>
+    <span class="pl-en">k</span><span class="pl-c1">:nat</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">uint_k</span> <span class="pl-en">k</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">repr_bytes</span> <span class="pl-en">n</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">fits_in_k_bytes</span> <span class="pl-en">n</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int_of_bytes</span><span class="pl-c1">:</span>
+    <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_k</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bytes_of_int</span><span class="pl-c1">:</span>
+    <span class="pl-en">k</span><span class="pl-c1">:nat</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">repr_bytes</span> <span class="pl-en">n</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">k</span> <span class="pl-c1">/\</span> <span class="pl-en">k</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">lbytes</span> <span class="pl-en">k</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int_of_bytes_of_int</span><span class="pl-c1">:</span>
+  <span class="pl-c1">#</span><span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">32</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">uint_k</span> <span class="pl-en">k</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">int_of_bytes</span> <span class="pl-c1">(</span><span class="pl-en">bytes_of_int</span> <span class="pl-en">k</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">bytes_of_int</span> <span class="pl-en">k</span> <span class="pl-en">n</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bytes_of_int_of_bytes</span><span class="pl-c1">:</span>
+    <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">32</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">bytes_of_int</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">int_of_bytes</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">int_of_bytes</span> <span class="pl-en">b</span><span class="pl-c1">)]</span></pre></div>
+<p>18-02-25 use <code>uint32</code> instead of <code>int32</code> etc?</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int32_of_bytes</span><span class="pl-c1">:</span>
+    <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">4</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">u32</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">int_of_bytes</span> <span class="pl-en">b</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int16_of_bytes</span><span class="pl-c1">:</span>
+    <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">2</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">u16</span><span class="pl-c1">{</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">int_of_bytes</span> <span class="pl-en">b</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int8_of_bytes</span><span class="pl-c1">:</span>
+    <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">u8</span><span class="pl-c1">{</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">int_of_bytes</span> <span class="pl-en">b</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bytes_of_int32</span><span class="pl-c1">:</span>
+    <span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">lbytes</span> <span class="pl-c1">4</span><span class="pl-c1">{</span><span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-en">bytes_of_int</span> <span class="pl-c1">4</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">n</span><span class="pl-c1">)}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bytes_of_int16</span><span class="pl-c1">:</span>
+    <span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">lbytes</span> <span class="pl-c1">2</span><span class="pl-c1">{</span><span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-en">bytes_of_int</span> <span class="pl-c1">2</span> <span class="pl-c1">(</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">n</span><span class="pl-c1">)}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bytes_of_int8</span><span class="pl-c1">:</span>
+    <span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">lbytes</span> <span class="pl-c1">1</span><span class="pl-c1">{</span><span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-en">bytes_of_int</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">n</span><span class="pl-c1">)}</span></pre></div>
+<p>//////////////////////////////////////////////////////////////////////////////</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">minbytes</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">b</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">xor</span><span class="pl-c1">:</span>
+    <span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">u32</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b1</span><span class="pl-c1">:</span><span class="pl-en">minbytes</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b2</span><span class="pl-c1">:</span><span class="pl-en">minbytes</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">len</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">xor_</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-smi">FStar.UInt.</span><span class="pl-en">size</span> <span class="pl-en">n</span> <span class="pl-smi">U32.</span><span class="pl-en">n</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">b1</span><span class="pl-c1">:</span><span class="pl-en">minbytes</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b2</span><span class="pl-c1">:</span><span class="pl-en">minbytes</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">xor</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">xor_commutative</span><span class="pl-c1">:</span>
+    <span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">u32</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b1</span><span class="pl-c1">:</span><span class="pl-en">minbytes</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b2</span><span class="pl-c1">:</span><span class="pl-en">minbytes</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">xor</span> <span class="pl-en">n</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span> <span class="pl-c1">==</span> <span class="pl-en">xor</span> <span class="pl-en">n</span> <span class="pl-en">b2</span> <span class="pl-en">b1</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">xor</span> <span class="pl-en">n</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">xor_append</span><span class="pl-c1">:</span>
+    <span class="pl-en">b1</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b2</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-smi">FStar.UInt.</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">b1</span> <span class="pl-c1">+</span> <span class="pl-en">length</span> <span class="pl-en">b2</span><span class="pl-c1">)</span> <span class="pl-smi">U32.</span><span class="pl-en">n</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">x1</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">len</span> <span class="pl-en">x1</span> <span class="pl-c1">=</span> <span class="pl-en">len</span> <span class="pl-en">b1</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">x2</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">len</span> <span class="pl-en">x2</span> <span class="pl-c1">=</span> <span class="pl-en">len</span> <span class="pl-en">b2</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">xor</span> <span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">len</span> <span class="pl-en">b1</span> <span class="pl-c1">+^</span> <span class="pl-en">len</span> <span class="pl-en">b2</span><span class="pl-c1">)</span>
+                        <span class="pl-c1">(</span><span class="pl-en">b1</span> @<span class="pl-c1">|</span> <span class="pl-en">b2</span><span class="pl-c1">)</span>
+                        <span class="pl-c1">(</span><span class="pl-en">x1</span> @<span class="pl-c1">|</span> <span class="pl-en">x2</span><span class="pl-c1">)</span>
+                    <span class="pl-c1">==</span>
+                    <span class="pl-en">xor</span> <span class="pl-c1">(</span><span class="pl-en">len</span> <span class="pl-en">b1</span><span class="pl-c1">)</span> <span class="pl-en">b1</span> <span class="pl-en">x1</span> @<span class="pl-c1">|</span> <span class="pl-en">xor</span> <span class="pl-c1">(</span><span class="pl-en">len</span> <span class="pl-en">b2</span><span class="pl-c1">)</span> <span class="pl-en">b2</span> <span class="pl-en">x2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">xor_idempotent</span><span class="pl-c1">:</span>
+    <span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">u32</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b1</span><span class="pl-c1">:</span><span class="pl-en">lbytes</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b2</span><span class="pl-c1">:</span><span class="pl-en">lbytes</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">xor</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">xor</span> <span class="pl-en">n</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">)</span> <span class="pl-en">b2</span> <span class="pl-c1">==</span> <span class="pl-en">b1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">utf8_encode</span><span class="pl-c1">:</span>
+    <span class="pl-en">s</span><span class="pl-c1">:string{</span><span class="pl-smi">Str.</span><span class="pl-en">maxlen</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">30</span><span class="pl-c1">)}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">op_Multiply</span> <span class="pl-c1">4</span> <span class="pl-c1">(</span><span class="pl-smi">Str.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">iutf8_opt</span><span class="pl-c1">:</span>
+    <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">bytes</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:string{</span><span class="pl-smi">Str.</span><span class="pl-en">maxlen</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">30</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">utf8_encode</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">m</span><span class="pl-c1">}))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">string_of_hex</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<p>missing post on the length of the results (exact on constant arguments)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bytes_of_hex</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">bytes</span>
+<span class="pl-k">val</span> <span class="pl-en">hex_of_string</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span>
+<span class="pl-k">val</span> <span class="pl-en">hex_of_bytes</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span>
+<span class="pl-k">val</span> <span class="pl-en">print_bytes</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span>
+<span class="pl-k">val</span> <span class="pl-en">bytes_of_string</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">bytes</span> <span class="pl-c">//abytes</span></pre></div>
+<p>A better implementation of BufferBytes, formerly found in miTLS</p>
+<ul>
+<li>
+<p>Aliases module <a href="LowStar.Buffer.html"> LowStar.Buffer</a> as <code>B </code></p>
+</li>
+<li>
+<p>Aliases module <a href="LowStar.Modifies.html"> LowStar.Modifies</a> as <code>M </code></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.HyperStack.ST.html">FStar.HyperStack.ST</a></p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">lbuffer</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-smi">UInt8.</span><span class="pl-en">t</span> <span class="pl-c1">{</span><span class="pl-smi">B.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">l</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">of_buffer</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">buf</span><span class="pl-c1">:</span><span class="pl-smi">B.</span><span class="pl-en">mbuffer</span> <span class="pl-smi">UInt8.</span><span class="pl-en">t</span> <span class="pl-en">p</span> <span class="pl-en">q</span><span class="pl-c1">{</span><span class="pl-smi">B.</span><span class="pl-en">length</span> <span class="pl-en">buf</span> <span class="pl-c1">==</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">l</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Stack</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">l</span><span class="pl-c1">})</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h0</span> <span class="pl-en">buf</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">b</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-smi">B.</span><span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">loc_none</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">hide</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">as_seq</span> <span class="pl-en">h0</span> <span class="pl-en">buf</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">store_bytes</span><span class="pl-c1">:</span> <span class="pl-en">src</span><span class="pl-c1">:</span><span class="pl-en">bytes</span> <span class="pl-c1">{</span> <span class="pl-en">length</span> <span class="pl-en">src</span> &lt;&gt; <span class="pl-c1">0</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">dst</span><span class="pl-c1">:</span><span class="pl-en">lbuffer</span> <span class="pl-c1">(</span><span class="pl-en">len</span> <span class="pl-en">src</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Stack</span> <span class="pl-c1">unit</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h0</span> <span class="pl-en">dst</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">r</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-smi">M.</span><span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">dst</span><span class="pl-c1">)</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+      <span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">src</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">as_seq</span> <span class="pl-en">h1</span> <span class="pl-en">dst</span><span class="pl-c1">)))</span></pre></div>
+<p>JP: let's not add from_bytes here because we want to leave it up to the
+caller to allocate on the stack or on the heap</p>
+
 </body>
 </html>
diff --git a/docs/FStar.Calc.html b/docs/FStar.Calc.html
index 3c303b5..e7f28b4 100644
--- a/docs/FStar.Calc.html
+++ b/docs/FStar.Calc.html
@@ -1,16 +1,86 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Calc</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.calc">module FStar.Calc</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarcalc" class="anchor" href="#fstarcalc" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Calc</h1>
+<ul>
+<li>Opens module [FStar.Preorder (* for <code>relation</code> <em>)](FStar.Preorder (</em> for <code>relation</code> *).html)</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">calc_proof</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">relation</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">CalcRefl</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">calc_proof</span> <span class="pl-c1">[]</span> <span class="pl-en">x</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">CalcStep</span> <span class="pl-c1">:</span> <span class="pl-en">rs</span><span class="pl-c1">:(</span><span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">relation</span> <span class="pl-en">t</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">relation</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+               <span class="pl-c1">#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">calc_proof</span> <span class="pl-en">rs</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">calc_proof</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">::</span><span class="pl-en">rs</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-en">z</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">calc_pack</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">{</span>
+  <span class="pl-en">rels</span>  <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">relation</span> <span class="pl-en">t</span><span class="pl-c1">);</span>
+  <span class="pl-en">proof</span> <span class="pl-c1">:</span> <span class="pl-en">calc_proof</span> <span class="pl-en">rels</span> <span class="pl-en">x</span> <span class="pl-en">y</span>
+<span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">pk_rels</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">pk</span> <span class="pl-c1">:</span> <span class="pl-en">calc_pack</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">pk</span><span class="pl-c1">.</span><span class="pl-en">rels</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">calc_chain_related</span> <span class="pl-c1">(#</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">rs</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">relation</span> <span class="pl-en">t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">rs</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">rs</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span></pre></div>
+<p>GM: The <code>:t</code> annotation below matters a lot for compactness of the formula!</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-en">r1</span><span class="pl-c1">::</span><span class="pl-en">rs</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">).</span> <span class="pl-en">calc_chain_related</span> <span class="pl-en">rs</span> <span class="pl-en">x</span> <span class="pl-en">w</span> <span class="pl-c1">/\</span> <span class="pl-en">r1</span> <span class="pl-en">w</span> <span class="pl-en">y</span></pre></div>
+<p>Every chain of <code>t</code>'s related by <code>rs</code> <strong>(reversed!)</strong> has its endpoints related by p</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">calc_chain_compatible</span> <span class="pl-c1">(#</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">rs</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">relation</span> <span class="pl-en">t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">:</span> <span class="pl-en">relation</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">calc_chain_related</span> <span class="pl-en">rs</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">elim_calc_proof</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-en">rs</span> <span class="pl-c1">(#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pf</span> <span class="pl-c1">:</span> <span class="pl-en">calc_proof</span> <span class="pl-en">rs</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">calc_chain_related</span> <span class="pl-en">rs</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">pf</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">pf</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">CalcRefl</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">CalcStep</span> <span class="pl-en">rs</span> <span class="pl-c1">#</span><span class="pl-en">p'</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-en">pf</span> <span class="pl-en">p'xy</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">elim_calc_proof</span> <span class="pl-en">rs</span> <span class="pl-en">pf</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">_calc_init</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">calc_proof</span> <span class="pl-c1">[]</span> <span class="pl-en">x</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">CalcRefl</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">calc_init</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">calc_pack</span> <span class="pl-en">x</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">{</span> <span class="pl-en">rels</span> <span class="pl-c1">=</span> <span class="pl-c1">[];</span> <span class="pl-en">proof</span> <span class="pl-c1">=</span> <span class="pl-en">_calc_init</span> <span class="pl-en">x</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">_calc_step</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rs</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">relation</span> <span class="pl-en">t</span><span class="pl-c1">))</span> <span class="pl-c1">(#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">:</span> <span class="pl-en">relation</span> <span class="pl-en">t</span><span class="pl-c1">)</span>                         <span class="pl-c"><span class="pl-c">(*</span> Relation for this step <span class="pl-c">*)</span></span>
+         <span class="pl-c1">(</span><span class="pl-en">z</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span>                                  <span class="pl-c"><span class="pl-c">(*</span> Next expression <span class="pl-c">*)</span></span>
+         <span class="pl-c1">(</span><span class="pl-en">pf</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">calc_proof</span> <span class="pl-en">rs</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">))</span>  <span class="pl-c"><span class="pl-c">(*</span> Rest of the proof <span class="pl-c">*)</span></span>
+         <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)))</span>       <span class="pl-c"><span class="pl-c">(*</span> Justification, thunked to avoid confusion such as #1397 <span class="pl-c">*)</span></span>
+         <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">calc_proof</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">::</span><span class="pl-en">rs</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<p>Need to annotate #p seemingly due to #1486</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">=</span> <span class="pl-c1">CalcStep</span> <span class="pl-en">rs</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">pf</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">calc_step</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">:</span> <span class="pl-en">relation</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">z</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">pf</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">calc_pack</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">calc_pack</span> <span class="pl-en">x</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+         <span class="pl-c1">=</span>
+         <span class="pl-k">let</span> <span class="pl-en">pk</span> <span class="pl-c1">=</span> <span class="pl-en">pf</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+         <span class="pl-c1">{</span> <span class="pl-en">rels</span> <span class="pl-c1">=</span> <span class="pl-en">p</span><span class="pl-c1">::</span><span class="pl-en">pk</span><span class="pl-c1">.</span><span class="pl-en">rels</span> <span class="pl-c1">;</span> <span class="pl-en">proof</span> <span class="pl-c1">=</span> <span class="pl-en">_calc_step</span> <span class="pl-en">p</span> <span class="pl-en">z</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pk</span><span class="pl-c1">.</span><span class="pl-en">proof</span><span class="pl-c1">)</span> <span class="pl-en">j</span> <span class="pl-c1">}</span></pre></div>
+<p>let _calc_finish (#t:Type) (#rs : list (relation t)) (p : relation t) (#x #y : t) (pf : unit -&gt; calc_proof rs x y)</p>
+<p>: Lemma (requires (norm <code>delta_only ``%calc_chain_compatible; </code>%calc_chain_related`;</p>
+<p>iota;</p>
+<p>zeta] (calc_chain_compatible rs p)))</p>
+<p>(ensures (p x y))</p>
+<p>= elim_calc_proof rs (pf ())</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">calc_finish</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">:</span> <span class="pl-en">relation</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pf</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">calc_pack</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">delta_only</span> <span class="pl-c1">[`</span>%<span class="pl-en">calc_chain_compatible</span><span class="pl-c1">;</span> <span class="pl-c1">`</span>%<span class="pl-en">calc_chain_related</span><span class="pl-c1">;</span>
+                                       <span class="pl-s"><span class="pl-pds">"</span>FStar.Calc.__proj__Mkcalc_pack__item__rels<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+                                       <span class="pl-c1">`</span>%<span class="pl-en">calc_step</span><span class="pl-c1">;</span> <span class="pl-c1">`</span>%<span class="pl-en">_calc_step</span><span class="pl-c1">;</span>
+                                       <span class="pl-c1">`</span>%<span class="pl-en">calc_init</span><span class="pl-c1">;</span> <span class="pl-c1">`</span>%<span class="pl-en">_calc_init</span><span class="pl-c1">;</span> <span class="pl-c1">`</span>%<span class="pl-en">pk_rels</span><span class="pl-c1">];</span>
+                           <span class="pl-en">iota</span><span class="pl-c1">;</span>
+                           <span class="pl-en">zeta</span><span class="pl-c1">]</span> <span class="pl-c1">(</span><span class="pl-en">labeled</span> <span class="pl-en">range_0</span> <span class="pl-s"><span class="pl-pds">"</span>Could not prove that this calc-chain is compatible<span class="pl-pds">"</span></span>
+                                            <span class="pl-c1">(</span><span class="pl-en">calc_chain_compatible</span> <span class="pl-c1">(</span><span class="pl-en">pk_rels</span> <span class="pl-c1">(</span><span class="pl-en">pf</span> <span class="pl-c1">()))</span> <span class="pl-en">p</span><span class="pl-c1">))))</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">pk</span> <span class="pl-c1">=</span> <span class="pl-en">pf</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">elim_calc_proof</span> <span class="pl-en">pk</span><span class="pl-c1">.</span><span class="pl-en">rels</span> <span class="pl-en">pk</span><span class="pl-c1">.</span><span class="pl-en">proof</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">calc_push_impl</span> <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">q</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">calc_push_impl</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-smi">Classical.</span><span class="pl-en">arrow_to_impl</span> <span class="pl-en">f</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Char.html b/docs/FStar.Char.html
index ebc9e68..ea8528e 100644
--- a/docs/FStar.Char.html
+++ b/docs/FStar.Char.html
@@ -1,16 +1,75 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Char</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.char">module FStar.Char</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarchar" class="anchor" href="#fstarchar" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Char</h1>
+<blockquote>
+<p>This module provides the <code>char</code> type, an abstract type
+representing UTF-8 characters.</p>
+<p>UTF-8 characters are representing in a variable-length encoding of
+between 1 and 4 bytes, with a maximum of 21 bits used to represent
+a code.</p>
+<p>See <a href="https://en.wikipedia.org/wiki/UTF-8" rel="nofollow">https://en.wikipedia.org/wiki/UTF-8</a> and
+<a href="https://erratique.ch/software/uucp/doc/unicode.html" rel="nofollow">https://erratique.ch/software/uucp/doc/unicode.html</a></p>
+</blockquote>
+<ul>
+<li>Aliases module <a href="FStar.UInt32.html"> FStar.UInt32</a> as <code>U32 </code>
+</li>
+</ul>
+<h4>
+<a id="user-content-chareqtype" class="anchor" href="#chareqtype" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>char:eqtype</h4>
+<p><code>char</code> is a new primitive type with decidable equality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span>
+<span class="pl-k">val</span> <span class="pl-en">char</span><span class="pl-c1">:eqtype</span></pre></div>
+<h4>
+<a id="user-content-char_code" class="anchor" href="#char_code" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>char_code</h4>
+<p>A <a href="#char_code"><code>char_code</code></a> is the representation of a UTF-8 char code in
+an unsigned 32-bit integer whose value is at most 2^21</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">char_code</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">n</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">21</span><span class="pl-c1">}</span></pre></div>
+<h4>
+<a id="user-content-u32_of_char" class="anchor" href="#u32_of_char" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>u32_of_char</h4>
+<p>A primitive to extract the <a href="#char_code"><code>char_code</code></a> of a <code>char</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">u32_of_char</span><span class="pl-c1">:</span> <span class="pl-en">char</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">char_code</span></pre></div>
+<h4>
+<a id="user-content-char_of_u32" class="anchor" href="#char_of_u32" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>char_of_u32</h4>
+<p>A primitive to promote a <a href="#char_code"><code>char_code</code></a> to a <code>char</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">char_of_u32</span><span class="pl-c1">:</span> <span class="pl-en">char_code</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">char</span></pre></div>
+<h4>
+<a id="user-content-char_of_u32_of_char" class="anchor" href="#char_of_u32_of_char" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>char_of_u32_of_char</h4>
+<p>Encoding and decoding from <code>char</code> to <a href="#char_code"><code>char_code</code></a> is the identity</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">char_of_u32_of_char</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">char</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">char_of_u32</span> <span class="pl-c1">(</span><span class="pl-en">u32_of_char</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">u32_of_char</span> <span class="pl-en">c</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-u32_of_char_of_u32" class="anchor" href="#u32_of_char_of_u32" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>u32_of_char_of_u32</h4>
+<p>Encoding and decoding from <code>char</code> to <a href="#char_code"><code>char_code</code></a> is the identity</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">u32_of_char_of_u32</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">char_code</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">u32_of_char</span> <span class="pl-c1">(</span><span class="pl-en">char_of_u32</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">char_of_u32</span> <span class="pl-en">c</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-int_of_char" class="anchor" href="#int_of_char" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>int_of_char</h4>
+<p>A couple of utilities to use mathematical integers rather than <code>U32.t</code>
+to represent a <a href="#char_code"><code>char_code</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">int_of_char</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">char</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">u32_of_char</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">char_of_int</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">21</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-en">char</span> <span class="pl-c1">=</span> <span class="pl-en">char_of_u32</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">i</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lowercase" class="anchor" href="#lowercase" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lowercase</h4>
+<p>Case conversion</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lowercase</span><span class="pl-c1">:</span> <span class="pl-en">char</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">char</span>
+<span class="pl-k">val</span> <span class="pl-en">uppercase</span><span class="pl-c1">:</span> <span class="pl-en">char</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">char</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--lax</span>"</pre></div>
+<p>This private primitive is used internally by the compiler to
+translate character literals with a desugaring-time check of the
+size of the number, rather than an expensive verifiation check.
+Since it is marked private, client programs cannot call it
+directly Since it is marked unfold, it eagerly reduces,
+eliminating the verification overhead of the wrapper</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">__char_of_int</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">:</span> <span class="pl-en">char</span> <span class="pl-c1">=</span> <span class="pl-en">char_of_int</span> <span class="pl-en">x</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Classical.Sugar.html b/docs/FStar.Classical.Sugar.html
new file mode 100644
index 0000000..71eb3ef
--- /dev/null
+++ b/docs/FStar.Classical.Sugar.html
@@ -0,0 +1,181 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title>FStar.Classical.Sugar</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
+</head>
+<body>
+<p>Copyright 2021 Microsoft Research</p>
+<p>Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at</p>
+<pre><code>http://www.apache.org/licenses/LICENSE-2.0
+</code></pre>
+<p>Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.</p>
+<h1>
+<a id="user-content-fstarclassicalsugar" class="anchor" href="#fstarclassicalsugar" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Classical.Sugar</h1>
+<blockquote>
+<p>This module provides a few combinators that are targeted
+by the desugaring phase of the F* front end</p>
+<p>The combinators it provides are fairly standard, except for one
+subtlety. In F*, the typechecking of terms formed using the
+logical connectives is biased from left to right. That is:</p>
+<ul>
+<li>
+<p>In <code>p /\ q</code> and <code>p ==&gt; q</code>, the well-typedness of <code>q</code> is in a
+context assuming <code>squash p</code></p>
+</li>
+<li>
+<p>In <code>p \/ q</code>, the well-typedness of <code>q</code> is in a context assuming
+<code>squash (~p)</code></p>
+</li>
+</ul>
+<p>So, many of these combinators reflect that bias by taking as
+instantiations for <code>q</code> functions that depend on <code>squash p</code> or
+<code>squash (~p)</code>.</p>
+<p>The other subtlety is that the when using these combinators, we
+encapsulate any proof terms provided by the caller within a
+thunk. This is to ensure that if, for instance, the caller simply
+admits a goal, that they do not inadvertently discard any proof
+obligations in the remainder of their programs.</p>
+<p>For example, consider the difference between</p>
+<ol>
+<li>exists_intro a p v (admit()); rest</li>
+</ol>
+<p>and</p>
+<ol start="2">
+<li>exists_intro a p v (fun _ -&gt; admit()); rest</li>
+</ol>
+<p>In (1) the proof of rest is admitted also.</p>
+</blockquote>
+<h4>
+<a id="user-content-forall_elim" class="anchor" href="#forall_elim" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_elim</h4>
+<p>Eliminate a universal quantifier by providing an instantiation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_elim</span>
+       <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+       <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+       <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+       <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">v</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-exists_elim" class="anchor" href="#exists_elim" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>exists_elim</h4>
+<p>Eliminate an existential quantifier into a proof of a goal <code>q</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">exists_elim</span>
+     <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span>
+     <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+     <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:Type)</span>
+     <span class="pl-c1">($</span><span class="pl-en">s_ex_p</span><span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+     <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">q</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">q</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-implies_elim" class="anchor" href="#implies_elim" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>implies_elim</h4>
+<p>Eliminate an implication, by providing a proof of the hypothesis
+Note, the proof is thunked</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">implies_elim</span>
+        <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:Type)</span>
+        <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span><span class="pl-c1">))</span>
+        <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-en">q</span>
+  <span class="pl-c1">=</span> <span class="pl-en">f</span><span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-or_elim" class="anchor" href="#or_elim" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>or_elim</h4>
+<p>Eliminate a disjunction</p>
+<ul>
+<li>The type of q can depend on the ~p</li>
+<li>The right proof can assume both ~p and q</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">or_elim</span>
+        <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(~</span><span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">p_or</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">q</span><span class="pl-c1">()))</span>
+        <span class="pl-c1">(</span><span class="pl-en">left</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+        <span class="pl-c1">(</span><span class="pl-en">right</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(~</span><span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">())</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-and_elim" class="anchor" href="#and_elim" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>and_elim</h4>
+<p>Eliminate a conjunction</p>
+<ul>
+<li>The type of q can depend on p</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">and_elim</span>
+        <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:Type)</span>
+        <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">q</span><span class="pl-c1">()))</span>
+        <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">())</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-forall_intro" class="anchor" href="#forall_intro" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_intro</h4>
+<p>Introduce a universal quantifier</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_intro</span>
+      <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+      <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-exists_intro" class="anchor" href="#exists_intro" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>exists_intro</h4>
+<p>Introduce an existential quantifier</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">exists_intro</span>
+        <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">v</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-implies_intro" class="anchor" href="#implies_intro" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>implies_intro</h4>
+<p>Introduce an implication</p>
+<ul>
+<li>The type of q can depend on p</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">implies_intro</span>
+        <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">()))))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span><span class="pl-c1">()))</span></pre></div>
+<h4>
+<a id="user-content-or_intro_left" class="anchor" href="#or_intro_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>or_intro_left</h4>
+<p>Introduce an disjunction on the left</p>
+<ul>
+<li>The type of q can depend on ~p</li>
+<li>The proof is thunked to avoid polluting the continuation</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">or_intro_left</span>
+        <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(~</span><span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">q</span><span class="pl-c1">()))</span></pre></div>
+<h4>
+<a id="user-content-or_intro_right" class="anchor" href="#or_intro_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>or_intro_right</h4>
+<p>Introduce an disjunction on the right</p>
+<ul>
+<li>The type of q can depend on ~p</li>
+<li>The proof can assume ~p too</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">or_intro_right</span>
+        <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(~</span><span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(~</span><span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">()))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">q</span><span class="pl-c1">()))</span></pre></div>
+<h4>
+<a id="user-content-and_intro" class="anchor" href="#and_intro" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>and_intro</h4>
+<p>Introduce a conjunction</p>
+<ul>
+<li>The type of q can depend on p</li>
+<li>The proof in the right case can also assume p</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">and_intro</span>
+        <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+        <span class="pl-c1">(</span><span class="pl-en">left</span><span class="pl-c1">:unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">right</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">()))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">q</span><span class="pl-c1">()))</span></pre></div>
+
+</body>
+</html>
diff --git a/docs/FStar.Classical.html b/docs/FStar.Classical.html
index 0c71dfc..ca66208 100644
--- a/docs/FStar.Classical.html
+++ b/docs/FStar.Classical.html
@@ -1,16 +1,396 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Classical</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.classical">module FStar.Classical</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarclassical" class="anchor" href="#fstarclassical" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Classical</h1>
+<blockquote>
+<p>This module provides various utilities to manipulate the squashed
+logical connectives <code>==&gt;</code>, <code>/\</code>, <code>\/</code>, <code>forall</code>, <code>exists</code> and <code>==</code>,
+defined in Prims in terms of the <code>squash</code> type. See Prims and
+FStar.Squash for basic explanations of the <code>squash</code> type.</p>
+<p>In summary:</p>
+<ul>
+<li>
+<p><code>squash p</code> is proof-irrelevant proof of <code>p</code>, expressed as a unit
+refinement.</p>
+</li>
+<li>
+<p><code>Lemma p</code> is also a proof-irrelevant proof of <code>p</code>, expressed as
+a postcondition of a unit-returning Ghost computation.</p>
+</li>
+</ul>
+<p>We provide several utilities to turn proofs of various
+propositions with non-trivial proof terms into proof-irrelevant,
+classical proofs.</p>
+</blockquote>
+<h4>
+<a id="user-content-give_witness" class="anchor" href="#give_witness" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>give_witness</h4>
+<p><code>give_witness x</code> transforms a constructive proof <code>x:a</code> into a
+proof-irrelevant postcondition. It is similar to
+<code>FStar.Squash.return_squash</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">give_witness</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-give_witness_from_squash" class="anchor" href="#give_witness_from_squash" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>give_witness_from_squash</h4>
+<p><code>give_witness_from_squash s</code> moves from a unit-refinement to a
+postcondition. It is similar to <code>FStar.Squash.give_proof</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">give_witness_from_squash</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lemma_to_squash_gtot" class="anchor" href="#lemma_to_squash_gtot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_to_squash_gtot</h4>
+<p>This turns a proof-irrelevant postcondition into a squashed proof</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_to_squash_gtot</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-equality" class="anchor" href="#equality" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Equality</h2>
+<h4>
+<a id="user-content-get_equality" class="anchor" href="#get_equality" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>get_equality</h4>
+<p>Turning an equality precondition into returned squash proof,
+similar to <code>FStar.Squash.get_proof</code>, but avoiding an extra squash,
+since <code>==</code> is already squashed.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">get_equality</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-implication" class="anchor" href="#implication" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Implication</h2>
+<h4>
+<a id="user-content-impl_to_arrow" class="anchor" href="#impl_to_arrow" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>impl_to_arrow</h4>
+<p>Turning an <code>a ==&gt; b</code> into a <code>squash a -&gt; squash b</code>. Note <code>a ==&gt; b</code> is
+defined as <code>squash (a -&gt; b)</code>, so this distributes the squash over the arrow.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">impl_to_arrow</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-arrow_to_impl" class="anchor" href="#arrow_to_impl" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>arrow_to_impl</h4>
+<p>The converse of <a href="#impl_to_arrow"><code>impl_to_arrow</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">arrow_to_impl</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">b</span><span class="pl-c1">)))</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-impl_intro_gtot" class="anchor" href="#impl_intro_gtot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>impl_intro_gtot</h4>
+<p>Similar to <a href="#arrow_to_impl"><code>arrow_to_impl</code></a>, but without squashing proofs on the left</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">impl_intro_gtot</span> <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">q</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-impl_intro" class="anchor" href="#impl_intro" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>impl_intro</h4>
+<p>Similar to <a href="#arrow_to_impl"><code>arrow_to_impl</code></a>, but not squashing the proof of <code>p</code> on the LHS.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">impl_intro</span> <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-en">q</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-move_requires" class="anchor" href="#move_requires" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>move_requires</h4>
+<p>A lemma with a precondition can also be treated as a proof a quantified implication.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">move_requires</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">q</span> <span class="pl-en">x</span><span class="pl-c1">))))</span>
+      <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<p>See the remark at the top of this section comparing nested lemmas
+with SMT pattern to <a href="#move_requires"><code>move_requires</code></a> and <a href="#forall_intro"><code>forall_intro</code></a></p>
+<h4>
+<a id="user-content-move_requires_2" class="anchor" href="#move_requires_2" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>move_requires_2</h4>
+<p>The arity 2 version of <a href="#move_requires"><code>move_requires</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">move_requires_2</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">q</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">))))</span>
+      <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-move_requires_3" class="anchor" href="#move_requires_3" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>move_requires_3</h4>
+<p>The arity 3 version of <a href="#move_requires"><code>move_requires</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">move_requires_3</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">q</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">))))</span>
+      <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-impl_intro_gen" class="anchor" href="#impl_intro_gen" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>impl_intro_gen</h4>
+<p>When proving predicate <code>q</code> whose well-formedness depends on the
+predicate <code>p</code>, it is convenient to have <code>q</code> appear only under a
+context where <code>p</code> is know to be valid.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">impl_intro_gen</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0))</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">q</span> <span class="pl-c1">())))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-c1">())</span></pre></div>
+<h2>
+<a id="user-content-universal-quantification" class="anchor" href="#universal-quantification" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Universal quantification</h2>
+<blockquote>
+<p>Many of the utilities for universal quantification are designed to
+help in the proofs of lemmas that ensure quantified
+postconditions. For example, in order to prove [Lemma (forall
+(x:a). p x)] it is often useful to "get your hands" on a freshly
+introduced variable <code>x</code> and to prove <code>p x</code> for it, i.e., to prove
+<code>x:a -&gt; Lemma (p x)</code> and to turn this into a proof for <code>forall x. p x</code>. Functions like <a href="#forall_intro"><code>forall_intro</code></a> in this module let you do
+just that.</p>
+<p>That said, it may often be more convenient to prove such
+properties using local lemmas in inner scopes. For example, here
+are two proof sketches for <code>forall x. p x</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span>
+<span class="pl-k">val</span> <span class="pl-en">p</span> <span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">prop</span>
+
+<span class="pl-k">let</span> <span class="pl-en">proof1</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">lem</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:nat)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+    <span class="pl-c1">=</span> <span class="pl-k">admit</span><span class="pl-c1">()</span>
+  <span class="pl-k">in</span>
+  <span class="pl-en">forall_intro</span> <span class="pl-en">lem</span><span class="pl-c1">;</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+
+<span class="pl-k">let</span> <span class="pl-en">proof2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">lem</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:nat)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+            <span class="pl-c1">`</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)`</span>
+    <span class="pl-c1">=</span> <span class="pl-k">admit</span><span class="pl-c1">()</span>
+  <span class="pl-k">in</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<p>In <code>proof1</code>, we prove an auxiliary lemma <code>lem</code> and then use
+<a href="#forall_intro"><code>forall_intro</code></a> to turn it into a proof of <code>forall x. p x</code>.</p>
+<p>In <code>proof2</code>, we simply decorate <code>lem</code> with an SMT pattern to
+allow the solver to use that lemma to prove <code>forall x. p x</code>
+directly.</p>
+<p>The style of <code>proof2</code> is often more robust for several reasons:</p>
+<ul>
+<li>
+<p><a href="#forall_intro"><code>forall_intro</code></a> only works with lemmas that do not have
+preconditions. E.g., if you wanted to prove <a href="#ghost_lemma">forall x. q x ==&gt;
+p x<code>, you would have had to prove </code>lem<code>with the type</code>x:nat -&gt;
+Lemma (q x ==&gt; p x)<code>. In contrast, in the style of </code>proof2<code>, you could have proven [x:nat -&gt; Lemma (requires q x) (ensures p x)</code>, which is easier, since you can assume the precondition <code>q x]. To use this style of lemma-with-precondition with [</code>forall_intro<code>](#forall_intro), one typically must also use [</code>move_requires<code>](#move_requires) to coerce a lemma with a precondition into a lemma proving an implication, or to use [</code>ghost_lemma`</a>.</p>
+</li>
+<li>
+<p><a href="#forall_intro"><code>forall_intro</code></a> introduces a quantifier without an SMT
+pattern. This can pollute the local context with an unguarded
+quantifier, leading to inefficient proofs. Note, the variants
+<a href="#forall_intro_with_pat"><code>forall_intro_with_pat</code></a> help with this somewhat, but they only
+support a single pattern, rather than conjunctive and
+disjunctive patterns.</p>
+</li>
+<li>
+<p><a href="#forall_intro"><code>forall_intro</code></a> and its variants are available for only a fixed
+arity up to 4. The nested SMTPat lemma style of <code>proof2</code> works
+are arbitrary arity.</p>
+</li>
+</ul>
+<p>That said, there may still be cases where <a href="#forall_intro"><code>forall_intro</code></a> etc. are
+more suitable.</p>
+</blockquote>
+<h4>
+<a id="user-content-get_forall" class="anchor" href="#get_forall" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>get_forall</h4>
+<p>Turning an universally quantified precondition into returned
+squash proof, similar to <code>FStar.Squash.get_proof</code>, but avoiding an
+extra squash, since <code>forall</code> is already squashed.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">get_forall</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-forall_intro_gtot" class="anchor" href="#forall_intro_gtot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_intro_gtot</h4>
+<p>This introduces a squash proof of a universal
+quantifier. <code>forall_intro_gtot f</code> is equivalent to `return_squash
+(return_squash f)].</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_intro_gtot</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<p>TODO: Perhaps remove this? It seems redundant</p>
+<h4>
+<a id="user-content-lemma_forall_intro_gtot" class="anchor" href="#lemma_forall_intro_gtot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_forall_intro_gtot</h4>
+<p>This turns a dependent arrow into a proof-irrelevant postcondition
+of a universal quantifier.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_forall_intro_gtot</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-gtot_to_lemma" class="anchor" href="#gtot_to_lemma" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gtot_to_lemma</h4>
+<p>This turns a dependent arrow producing a proof a <code>p</code> into a lemma
+ensuring <code>p</code>, effectively squashing the proof of <code>p</code>, while still
+retaining the arrow.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">gtot_to_lemma</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-forall_intro_squash_gtot" class="anchor" href="#forall_intro_squash_gtot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_intro_squash_gtot</h4>
+<p>This is the analog of <a href="#lemma_forall_intro_gtot"><code>lemma_forall_intro_gtot</code></a> but with squashed
+proofs on both sides, including a redundant extra squash on the result.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_intro_squash_gtot</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<p>TODO: perhaps remove this?</p>
+<h4>
+<a id="user-content-forall_intro_squash_gtot_join" class="anchor" href="#forall_intro_squash_gtot_join" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_intro_squash_gtot_join</h4>
+<p>This is the analog of <a href="#lemma_forall_intro_gtot"><code>lemma_forall_intro_gtot</code></a> but with squashed
+proofs on both sides</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_intro_squash_gtot_join</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-forall_intro" class="anchor" href="#forall_intro" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_intro</h4>
+<p>The main workhorse for introducing universally quantified postconditions, at arity 1.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_intro</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<p>See the remark at the start of this section for guidelines on its
+use. You may prefer to use a local lemma with an SMT pattern.</p>
+<h4>
+<a id="user-content-forall_intro_with_pat" class="anchor" href="#forall_intro_with_pat" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_intro_with_pat</h4>
+<p>The main workhorse for introducing universally quantified
+postconditions, at arity 1, including a provision for a single
+pattern.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_intro_with_pat</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0))</span>
+      <span class="pl-c1">($</span><span class="pl-en">pat</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">pat</span> <span class="pl-en">x</span><span class="pl-c1">)}</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<p>See the remark at the start of this section for guidelines on its
+use. You may prefer to use a local lemma with an SMT pattern.</p>
+<h4>
+<a id="user-content-forall_intro_sub" class="anchor" href="#forall_intro_sub" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_intro_sub</h4>
+<p>This function is almost identical to <a href="#forall_intro"><code>forall_intro</code></a>. The only
+difference is that rather in <code>forall_intro f</code> the type of <code>f</code> is
+<em>unified</em> with expected type of that argument, leading to better
+resolution of implicit variables.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_intro_sub</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<p>However, sometimes it is convenient to introduce a quantifier from
+a lemma while relying on subtyping---<code>forall_intro_sub f</code> allows
+the use of subtyping when comparing the type of <code>f</code> to the
+expected type of the argument. This will likely mean that the
+implicit arguments, notably <code>p</code>, will have to be provided
+explicilty.</p>
+<h4>
+<a id="user-content-forall_intro_2" class="anchor" href="#forall_intro_2" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_intro_2</h4>
+<p>The arity 2 version of <a href="#forall_intro"><code>forall_intro</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_intro_2</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0))</span>
+      <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-forall_intro_2_with_pat" class="anchor" href="#forall_intro_2_with_pat" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_intro_2_with_pat</h4>
+<p>The arity 2 version of <a href="#forall_intro_with_pat"><code>forall_intro_with_pat</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_intro_2_with_pat</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0))</span>
+      <span class="pl-c1">($</span><span class="pl-en">pat</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">).</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">pat</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)}</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-forall_intro_3" class="anchor" href="#forall_intro_3" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_intro_3</h4>
+<p>The arity 3 version of <a href="#forall_intro"><code>forall_intro</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_intro_3</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0))</span>
+      <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-forall_intro_3_with_pat" class="anchor" href="#forall_intro_3_with_pat" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_intro_3_with_pat</h4>
+<p>The arity 3 version of <a href="#forall_intro_with_pat"><code>forall_intro_with_pat</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_intro_3_with_pat</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">d</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0))</span>
+      <span class="pl-c1">($</span><span class="pl-en">pat</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">d</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">).</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">pat</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)}</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-forall_intro_4" class="anchor" href="#forall_intro_4" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_intro_4</h4>
+<p>The arity 4 version of <a href="#forall_intro"><code>forall_intro</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_intro_4</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">d</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">w</span><span class="pl-c1">:</span> <span class="pl-en">d</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0))</span>
+      <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">w</span><span class="pl-c1">:</span> <span class="pl-en">d</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-en">w</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">w</span><span class="pl-c1">:</span> <span class="pl-en">d</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-en">w</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-forall_impl_intro" class="anchor" href="#forall_impl_intro" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_impl_intro</h4>
+<p>This combines th use of <a href="#arrow_to_impl"><code>arrow_to_impl</code></a> with <a href="#forall_intro"><code>forall_intro</code></a>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_impl_intro</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">q</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<p>TODO: Seems overly specific; could be removed?</p>
+<h4>
+<a id="user-content-ghost_lemma" class="anchor" href="#ghost_lemma" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ghost_lemma</h4>
+<p>This is similar to <a href="#forall_intro"><code>forall_intro</code></a>, but with a lemma that has a precondition.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ghost_lemma</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0))</span>
+      <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">q</span> <span class="pl-en">x</span> <span class="pl-c1">()))))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">x</span> <span class="pl-c1">())</span></pre></div>
+<p>Note: It's unclear why <code>q</code> has an additional <code>unit</code> argument.</p>
+<h2>
+<a id="user-content-existential-quantification" class="anchor" href="#existential-quantification" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Existential quantification</h2>
+<h4>
+<a id="user-content-exists_intro" class="anchor" href="#exists_intro" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>exists_intro</h4>
+<p>The most basic way to introduce a squashed existential quantifier
+<code>exists x. p x</code> is to present a witness <code>w</code> such that <code>p w</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">exists_intro</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">witness</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">witness</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<p>While <a href="#exists_intro"><code>exists_intro</code></a> is very explicit, as with universal
+quantification and <a href="#forall_intro"><code>forall_intro</code></a>, it is only available for a
+fixed arity.</p>
+<p>However, unlike with we do not yet provide any conveniences for
+higher arities. One workaround is to tuple witnesses together,
+e.g., instead of proving <code>exists x y. p x y</code> to prove instead
+<code>exists xy. p (fst xy) (snd xy)</code> and to allow the SMT solver to convert
+the latter to the former.</p>
+<h4>
+<a id="user-content-exists_intro_not_all_not" class="anchor" href="#exists_intro_not_all_not" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>exists_intro_not_all_not</h4>
+<p>Introducing an exists via its classical correspondence with a negated universal quantifier</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">exists_intro_not_all_not</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">($</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">((</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(~(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">False</span><span class="pl-c1">))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-forall_to_exists" class="anchor" href="#forall_to_exists" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_to_exists</h4>
+<p>If <code>r</code> is true for all <code>x:a{p x}</code>, then one can use
+<a href="#forall_to_exists"><code>forall_to_exists</code></a> to establish <code>(exists x. p x) ==&gt; r</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_to_exists</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">($</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-forall_to_exists_2" class="anchor" href="#forall_to_exists_2" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall_to_exists_2</h4>
+<p>The arity two variant of <a href="#forall_to_exists"><code>forall_to_exists</code></a> for two separate
+existentially quantified hypotheses.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_to_exists_2</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">($</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span> <span class="pl-en">q</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(((</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">).</span> <span class="pl-en">q</span> <span class="pl-en">y</span><span class="pl-c1">))</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<p>TODO: overly specific, remove?</p>
+<h4>
+<a id="user-content-exists_elim" class="anchor" href="#exists_elim" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>exists_elim</h4>
+<p>An eliminator for squashed existentials: If every witnesse can be
+eliminated into a squashed proof of the <code>goal</code>, then the <code>goal</code>
+postcondition is valid.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">exists_elim</span>
+      <span class="pl-c1">(</span><span class="pl-en">goal</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">goal</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-en">goal</span></pre></div>
+<h3>
+<a id="user-content-disjunction" class="anchor" href="#disjunction" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Disjunction</h3>
+<h4>
+<a id="user-content-or_elim" class="anchor" href="#or_elim" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>or_elim</h4>
+<p>Eliminating <code>l \/ r</code> into a <code>goal</code> whose well-formedness depends on
+<code>l \/ r</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">or_elim</span>
+      <span class="pl-c1">(#</span><span class="pl-en">l</span> <span class="pl-c1">#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">goal</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">l</span> <span class="pl-c1">\/</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0))</span>
+      <span class="pl-c1">(</span><span class="pl-en">hl</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">l</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">goal</span> <span class="pl-c1">())))</span>
+      <span class="pl-c1">(</span><span class="pl-en">hr</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">goal</span> <span class="pl-c1">())))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">l</span> <span class="pl-c1">\/</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">goal</span> <span class="pl-c1">())</span></pre></div>
+<h4>
+<a id="user-content-excluded_middle" class="anchor" href="#excluded_middle" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>excluded_middle</h4>
+<p>The law of excluded middle: squashed types are classical</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">excluded_middle</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">True</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-c1">~</span><span class="pl-en">p</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Date.html b/docs/FStar.Date.html
index 89f0726..479d31f 100644
--- a/docs/FStar.Date.html
+++ b/docs/FStar.Date.html
@@ -1,16 +1,28 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Date</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.date">module FStar.Date</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstardate" class="anchor" href="#fstardate" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Date</h1>
+<blockquote>
+<p>A module providing primitives for dates and times</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span>
+<span class="pl-k">val</span> <span class="pl-en">dateTime</span><span class="pl-c1">:Type0</span>
+<span class="pl-k">new</span>
+<span class="pl-k">val</span> <span class="pl-en">timeSpan</span><span class="pl-c1">:Type0</span></pre></div>
+<h4>
+<a id="user-content-now" class="anchor" href="#now" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>now</h4>
+<p>EXT marks an external function</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">now</span><span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-en">dateTime</span>
+<span class="pl-k">val</span> <span class="pl-en">secondsFromDawn</span><span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">})</span>
+<span class="pl-k">val</span> <span class="pl-en">newTimeSpan</span><span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">timeSpan</span>
+<span class="pl-k">val</span> <span class="pl-en">addTimeSpan</span><span class="pl-c1">:</span> <span class="pl-en">dateTime</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">timeSpan</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">dateTime</span>
+<span class="pl-k">val</span> <span class="pl-en">greaterDateTime</span><span class="pl-c1">:</span> <span class="pl-en">dateTime</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">dateTime</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.DependentMap.html b/docs/FStar.DependentMap.html
index 4f4dbbf..dd581ef 100644
--- a/docs/FStar.DependentMap.html
+++ b/docs/FStar.DependentMap.html
@@ -1,16 +1,265 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.DependentMap</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.dependentmap">module FStar.DependentMap</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstardependentmap" class="anchor" href="#fstardependentmap" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.DependentMap</h1>
+<blockquote>
+<p>This module provides an abstract type of maps whose co-domain
+depends on the value of each key. i.e., it is an encapsulation
+of <code>x:key -&gt; value x</code>, where <code>key</code> supports decidable equality.</p>
+<p>The main constructors of the type are:</p>
+<ul>
+<li>
+<a href="#create"><code>create</code></a>: To create the whole map from a function</li>
+<li>
+<a href="#upd"><code>upd</code></a>: To update a map at a point</li>
+<li>
+<a href="#restrict"><code>restrict</code></a>: To restrict the domain of a map</li>
+<li>
+<a href="#concat"><code>concat</code></a>: To concatenate maps by taking the union of their key spaces</li>
+<li>
+<a href="#rename"><code>rename</code></a>: To rename the keys of a map</li>
+<li>
+<a href="#map"><code>map</code></a>: To map a function over the values of a map</li>
+</ul>
+<p>The main eliminators are:</p>
+<ul>
+<li>
+<a href="#sel"><code>sel</code></a>: To query the map for its value at a point</li>
+</ul>
+<p>The interface is specified in a style that describes the action of
+each eliminator over each of the constructors</p>
+<p>The map also supports an extensional equality principle.</p>
+</blockquote>
+<h4>
+<a id="user-content-t" class="anchor" href="#t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>t</h4>
+<p>Abstract type of dependent maps, with universe polymorphic values
+and keys in universe 0 with decidable equality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">value</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">v</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">v</span></pre></div>
+<h4>
+<a id="user-content-create" class="anchor" href="#create" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>create</h4>
+<p>Creating a new map from a function</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">create</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">value</span> <span class="pl-en">k</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-sel" class="anchor" href="#sel" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sel</h4>
+<p>Querying the map for its value at a given key</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">value</span> <span class="pl-en">k</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-sel_create" class="anchor" href="#sel_create" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sel_create</h4>
+<p>Relating <a href="#create"><code>create</code></a> to <a href="#sel"><code>sel</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel_create</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">value</span> <span class="pl-en">k</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">#</span><span class="pl-en">key</span> <span class="pl-c1">#</span><span class="pl-en">value</span> <span class="pl-c1">(</span><span class="pl-en">create</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-en">k</span><span class="pl-c1">))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">#</span><span class="pl-en">key</span> <span class="pl-c1">#</span><span class="pl-en">value</span> <span class="pl-c1">(</span><span class="pl-en">create</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-upd" class="anchor" href="#upd" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>upd</h4>
+<p>Updating a map at a point</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">upd</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span> <span class="pl-en">value</span> <span class="pl-en">k</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-sel_upd_same" class="anchor" href="#sel_upd_same" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sel_upd_same</h4>
+<p>The action of selecting a key <code>k</code> a map with an updated value <code>v</code>
+at <code>k</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel_upd_same</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span> <span class="pl-en">value</span> <span class="pl-en">k</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">v</span><span class="pl-c1">))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<p>This is one of the classic McCarthy select/update axioms in the
+setting of a dependent map.</p>
+<h4>
+<a id="user-content-sel_upd_other" class="anchor" href="#sel_upd_other" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sel_upd_other</h4>
+<p>The action of selecting a key <code>k</code> a map with an updated value <code>v</code>
+at a different key <code>k'</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel_upd_other</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span> <span class="pl-en">value</span> <span class="pl-en">k</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">k'</span><span class="pl-c1">:</span> <span class="pl-en">key</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">k'</span> &lt;&gt; <span class="pl-en">k</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k'</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">m</span> <span class="pl-en">k'</span><span class="pl-c1">))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k'</span><span class="pl-c1">)]</span></pre></div>
+<p>This is one of the classic McCarthy select/update axioms in the
+setting of a dependent map.</p>
+<h4>
+<a id="user-content-equal" class="anchor" href="#equal" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>equal</h4>
+<p>Extensional propositional equality on maps</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">equal</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span></pre></div>
+<h4>
+<a id="user-content-equal_intro" class="anchor" href="#equal_intro" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>equal_intro</h4>
+<p>Introducing extensional equality by lifting equality on the map, pointwise</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">equal_intro</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">k</span><span class="pl-c1">.</span> <span class="pl-en">sel</span> <span class="pl-en">m1</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">m2</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-equal_refl" class="anchor" href="#equal_refl" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>equal_refl</h4>
+<p><a href="#equal"><code>equal</code></a> is reflexive</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">equal_refl</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">m</span> <span class="pl-en">m</span><span class="pl-c1">))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">m</span> <span class="pl-en">m</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-equal_elim" class="anchor" href="#equal_elim" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>equal_elim</h4>
+<p><a href="#equal"><code>equal</code></a> can be eliminated into standard propositional equality
+(==), also proving that it is an equivalence relation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">equal_elim</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-en">m2</span><span class="pl-c1">))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">)]</span></pre></div>
+<h2>
+<a id="user-content-restricting-the-domain-of-a-map" class="anchor" href="#restricting-the-domain-of-a-map" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Restricting the domain of a map</h2>
+<h4>
+<a id="user-content-restrict" class="anchor" href="#restrict" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>restrict</h4>
+<p>Restricts the domain of the map to those keys satisfying <code>p</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">restrict</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0))</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">k</span><span class="pl-c1">})</span> <span class="pl-en">value</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-sel_restrict" class="anchor" href="#sel_restrict" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sel_restrict</h4>
+<p>The action of <a href="#sel"><code>sel</code></a> on <a href="#restrict"><code>restrict</code></a> : the contents of the map isn't changed</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel_restrict</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0))</span>
+      <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">k</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">restrict</span> <span class="pl-en">p</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">m</span> <span class="pl-en">k</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-concatenating-maps" class="anchor" href="#concatenating-maps" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Concatenating maps</h2>
+<blockquote>
+<p>Concatenating <code>t k1 v1</code> and <code>t k2 v2</code> produces a map
+<code>t (either k1 k2) (concat_value v1 v2)</code></p>
+<p>I.e., the key space varies contravariantly, to take the union of
+the component key spaces. The co-domain is the dependent product
+of the co-domains of the original map</p>
+</blockquote>
+<h4>
+<a id="user-content-concat_value" class="anchor" href="#concat_value" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>concat_value</h4>
+<p>The key space of a concatenated map is the product of the key spaces</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">concat_value</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key1</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(</span><span class="pl-en">value1</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key2</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(</span><span class="pl-en">value2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">either</span> <span class="pl-en">key1</span> <span class="pl-en">key2</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">k</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Inl</span> <span class="pl-en">k1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">value1</span> <span class="pl-en">k1</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Inr</span> <span class="pl-en">k2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">value2</span> <span class="pl-en">k2</span></pre></div>
+<h4>
+<a id="user-content-concat" class="anchor" href="#concat" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>concat</h4>
+<p>Concatenating maps</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">concat</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key1</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">value1</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(Type</span> <span class="pl-c1">u#</span><span class="pl-en">v</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key2</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">value2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(Type</span> <span class="pl-c1">u#</span><span class="pl-en">v</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key1</span> <span class="pl-en">value1</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">m2</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key2</span> <span class="pl-en">value2</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-en">either</span> <span class="pl-en">key1</span> <span class="pl-en">key2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">concat_value</span> <span class="pl-en">value1</span> <span class="pl-en">value2</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-sel_concat_l" class="anchor" href="#sel_concat_l" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sel_concat_l</h4>
+<p>The action of <a href="#sel"><code>sel</code></a> on <a href="#concat"><code>concat</code></a>, for a key on the left picks a
+value from the left map</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel_concat_l</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key1</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">value1</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(Type</span> <span class="pl-c1">u#</span><span class="pl-en">v</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key2</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">value2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(Type</span> <span class="pl-c1">u#</span><span class="pl-en">v</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key1</span> <span class="pl-en">value1</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">m2</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key2</span> <span class="pl-en">value2</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">k1</span><span class="pl-c1">:</span> <span class="pl-en">key1</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">concat</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">Inl</span> <span class="pl-en">k1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">m1</span> <span class="pl-en">k1</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-sel_concat_r" class="anchor" href="#sel_concat_r" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sel_concat_r</h4>
+<p>The action of <a href="#sel"><code>sel</code></a> on <a href="#concat"><code>concat</code></a>, for a key on the right picks a
+value from the right map</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel_concat_r</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key1</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">value1</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key2</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">value2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key1</span> <span class="pl-en">value1</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">m2</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key2</span> <span class="pl-en">value2</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">k2</span><span class="pl-c1">:</span> <span class="pl-en">key2</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">concat</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">Inr</span> <span class="pl-en">k2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">m2</span> <span class="pl-en">k2</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-renamings" class="anchor" href="#renamings" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Renamings</h2>
+<blockquote>
+<p>Given a map from <code>key2</code> to <code>key1</code>, we can revise a map from <code>t key1 v</code> to a map <code>t key2 v</code>, by composing the maps.</p>
+</blockquote>
+<h4>
+<a id="user-content-rename_value" class="anchor" href="#rename_value" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>rename_value</h4>
+<p>The type of the co-domain of the renamed map also involves
+transformation along the renaming function</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">rename_value</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key1</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(</span><span class="pl-en">value1</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key2</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ren</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">key1</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key2</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span> <span class="pl-en">value1</span> <span class="pl-c1">(</span><span class="pl-en">ren</span> <span class="pl-en">k</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-rename" class="anchor" href="#rename" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>rename</h4>
+<p>Renaming the keys of a map</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rename</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key1</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">value1</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key1</span> <span class="pl-en">value1</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key2</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ren</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">key1</span><span class="pl-c1">))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">key2</span> <span class="pl-c1">(</span><span class="pl-en">rename_value</span> <span class="pl-en">value1</span> <span class="pl-en">ren</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-sel_rename" class="anchor" href="#sel_rename" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sel_rename</h4>
+<p>The action of <a href="#sel"><code>sel</code></a> on <a href="#rename"><code>rename</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel_rename</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key1</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">value1</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key1</span> <span class="pl-en">value1</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key2</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ren</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">key1</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">k2</span><span class="pl-c1">:</span> <span class="pl-en">key2</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">rename</span> <span class="pl-en">m</span> <span class="pl-en">ren</span><span class="pl-c1">)</span> <span class="pl-en">k2</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">ren</span> <span class="pl-en">k2</span><span class="pl-c1">)))</span></pre></div>
+<h2>
+<a id="user-content-mapping-a-function-over-a-dependent-map" class="anchor" href="#mapping-a-function-over-a-dependent-map" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Mapping a function over a dependent map</h2>
+<h4>
+<a id="user-content-map" class="anchor" href="#map" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>map</h4>
+<p><code>map f m</code> applies f to each value in <code>m</code>'s co-domain</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">value1</span> <span class="pl-c1">#</span><span class="pl-en">value2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">value1</span> <span class="pl-en">k</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">value2</span> <span class="pl-en">k</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value1</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value2</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-sel_map" class="anchor" href="#sel_map" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sel_map</h4>
+<p>The action of <a href="#sel"><code>sel</code></a> on <a href="#map"><code>map</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel_map</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">value1</span> <span class="pl-c1">#</span><span class="pl-en">value2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">value1</span> <span class="pl-en">k</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">value2</span> <span class="pl-en">k</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value1</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">m</span> <span class="pl-en">k</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">#</span><span class="pl-en">key</span> <span class="pl-c1">#</span><span class="pl-en">value2</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-c1">#</span><span class="pl-en">key</span> <span class="pl-c1">#</span><span class="pl-en">value1</span> <span class="pl-c1">#</span><span class="pl-en">value2</span> <span class="pl-en">f</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-map_upd" class="anchor" href="#map_upd" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>map_upd</h4>
+<p><a href="#map"><code>map</code></a> explained in terms of its action on <a href="#upd"><code>upd</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map_upd</span>
+      <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">value1</span> <span class="pl-c1">#</span><span class="pl-en">value2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">value1</span> <span class="pl-en">k</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">value2</span> <span class="pl-en">k</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value1</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">key</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span> <span class="pl-en">value1</span> <span class="pl-en">k</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">[</span></pre></div>
+<p>AR: wanted to write an SMTPatOr, but gives some error</p>
+<div class="highlight highlight-source-fstar"><pre>  <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-c1">#</span><span class="pl-en">key</span> <span class="pl-c1">#</span><span class="pl-en">value1</span> <span class="pl-c1">#</span><span class="pl-en">value2</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-c1">#</span><span class="pl-en">key</span> <span class="pl-c1">#</span><span class="pl-en">value1</span> <span class="pl-en">m</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">))</span>
+<span class="pl-c1">]</span></pre></div>
+<blockquote>
+<p>We seem to miss lemmas that relate map to the other constructors,
+including create, restrict etc.</p>
+</blockquote>
+
 </body>
 </html>
diff --git a/docs/FStar.Dyn.html b/docs/FStar.Dyn.html
index 509a4a9..277c6bd 100644
--- a/docs/FStar.Dyn.html
+++ b/docs/FStar.Dyn.html
@@ -1,16 +1,33 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Dyn</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.dyn">module FStar.Dyn</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstardyn" class="anchor" href="#fstardyn" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Dyn</h1>
+<ul>
+<li>Opens module <a href="FStar.All.html">FStar.All</a>
+</li>
+</ul>
+<blockquote>
+<p>Dynamic casts, realized by OCaml's <code>Obj</code></p>
+<p>NOTE: THIS PROVIDES CASTS BETWEEN ARBITRARY TYPES
+BUT ONLY IN <code>False</code> CONTEXTS. USE WISELY.</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">new</span>
+<span class="pl-k">type</span> <span class="pl-en">dyn</span></pre></div>
+<h4>
+<a id="user-content-mkdyn" class="anchor" href="#mkdyn" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mkdyn</h4>
+<p>Promoting a value of type <code>'a</code> to <code>dyn</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mkdyn</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-en">dyn</span></pre></div>
+<h4>
+<a id="user-content-undyn" class="anchor" href="#undyn" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>undyn</h4>
+<p>This coerces a value of type <code>dyn</code> to any type <code>'a</code>,
+but only with <code>False</code> precondition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">undyn</span> <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">:</span> <span class="pl-en">dyn</span><span class="pl-c1">{</span><span class="pl-c1">false</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">EXT</span> <span class="pl-smi">'a</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Endianness.html b/docs/FStar.Endianness.html
index 9636848..54d5efc 100644
--- a/docs/FStar.Endianness.html
+++ b/docs/FStar.Endianness.html
@@ -1,16 +1,341 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Endianness</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.endianness">module FStar.Endianness</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarendianness" class="anchor" href="#fstarendianness" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Endianness</h1>
+<blockquote>
+<p>A library of lemmas for reasoning about sequences of machine integers and
+their (little|big)-endian representation as a sequence of bytes.</p>
+<p>The functions in this module aim to be as generic as possible, in order to
+facilitate compatibility with:</p>
+<ul>
+<li>Vale's model of machine integers (nat64 et. al.), which does not rely on
+FStar's machine integers</li>
+<li>HACL*'s Lib.IntTypes module, which exposes a universal indexed integer
+type but uses F* machine integers under the hood.</li>
+</ul>
+<p>To achieve maximum compatibility, we try to state most lemmas using nat
+rather than UIntX.</p>
+<p>To limit context pollution, the definitions of the recursive functions are
+abstract; please add lemmas as you see fit. In extreme cases, <code>friend</code>'ing
+might be de rigueur.</p>
+<p>.. note::</p>
+<p>This module supersedes the poorly-named <code>FStar.Kremlin.Endianness</code>.</p>
+</blockquote>
+<ul>
+<li>Aliases module <a href="FStar.UInt8.html"> FStar.UInt8</a> as <code>U8 </code>
+</li>
+<li>Aliases module <a href="FStar.UInt32.html"> FStar.UInt32</a> as <code>U32 </code>
+</li>
+<li>Aliases module <a href="FStar.UInt64.html"> FStar.UInt64</a> as <code>U64 </code>
+</li>
+<li>Aliases module <a href="FStar.Math.Lemmas.html"> FStar.Math.Lemmas</a> as <code>Math </code>
+</li>
+<li>Aliases module <a href="FStar.Seq.html"> FStar.Seq</a> as <code>S </code>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">noextract_to</span> <span class="pl-s"><span class="pl-pds">"</span>Kremlin<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">type</span> <span class="pl-en">bytes</span> <span class="pl-c1">=</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U8.</span><span class="pl-en">t</span></pre></div>
+<ul>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<blockquote>
+<h2>
+<a id="user-content-definition-of-little-and-big-endianness" class="anchor" href="#definition-of-little-and-big-endianness" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Definition of little and big-endianness</h2>
+<p>This is our spec, to be audited. From bytes to nat.</p>
+</blockquote>
+<blockquote>
+<p>lt_to_n interprets a byte sequence as a little-endian natural number</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">le_to_n</span> <span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">nat</span></pre></div>
+<blockquote>
+<p>be_to_n interprets a byte sequence as a big-endian natural number</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">be_to_n</span> <span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">nat</span></pre></div>
+<blockquote>
+<p>Induction for le_to_n and be_to_n</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal_le_to_n</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">le_to_n</span> <span class="pl-en">b</span> <span class="pl-c1">==</span>
+     <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">0</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">head</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">pow2</span> <span class="pl-c1">8</span> * <span class="pl-en">le_to_n</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">tail</span> <span class="pl-en">b</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal_be_to_n</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">be_to_n</span> <span class="pl-en">b</span> <span class="pl-c1">==</span>
+     <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">0</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">last</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">pow2</span> <span class="pl-c1">8</span> * <span class="pl-en">be_to_n</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-c1">0</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_le_to_n_is_bounded</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">le_to_n</span> <span class="pl-en">b</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-c1">8</span> * <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_be_to_n_is_bounded</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">be_to_n</span> <span class="pl-en">b</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-c1">8</span> * <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-inverse-operations" class="anchor" href="#inverse-operations" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Inverse operations</h2>
+<p>From nat to bytes, and their functional correctness.</p>
+</blockquote>
+<blockquote>
+<p>n_to_le encodes a number as a little-endian byte sequence of a fixed,
+sufficiently large length.</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">n_to_le</span> <span class="pl-c1">:</span> <span class="pl-en">len</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-c1">8</span> * <span class="pl-en">len</span><span class="pl-c1">)}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-en">len</span> <span class="pl-c1">/\</span> <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">le_to_n</span> <span class="pl-en">b</span><span class="pl-c1">})</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">len</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>n_to_be encodes a numbers as a big-endian byte sequence of a fixed,
+sufficiently large length</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">n_to_be</span><span class="pl-c1">:</span>
+  <span class="pl-en">len</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-c1">8</span> * <span class="pl-en">len</span><span class="pl-c1">)}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-en">len</span> <span class="pl-c1">/\</span> <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">be_to_n</span> <span class="pl-en">b</span><span class="pl-c1">})</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">len</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-injectivity" class="anchor" href="#injectivity" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Injectivity</h2>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">n_to_le_inj</span> <span class="pl-c1">(</span><span class="pl-en">len</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">n1</span> <span class="pl-en">n2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-c1">8</span> * <span class="pl-en">len</span><span class="pl-c1">)})):</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">n_to_le</span> <span class="pl-en">len</span> <span class="pl-en">n1</span> <span class="pl-c1">==</span> <span class="pl-en">n_to_le</span> <span class="pl-en">len</span> <span class="pl-en">n2</span><span class="pl-c1">))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">n1</span> <span class="pl-c1">==</span> <span class="pl-en">n2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">n_to_be_inj</span> <span class="pl-c1">(</span><span class="pl-en">len</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">n1</span> <span class="pl-en">n2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-c1">8</span> * <span class="pl-en">len</span><span class="pl-c1">)}))</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">n_to_be</span> <span class="pl-en">len</span> <span class="pl-en">n1</span> <span class="pl-c1">==</span> <span class="pl-en">n_to_be</span> <span class="pl-en">len</span> <span class="pl-en">n2</span><span class="pl-c1">))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">n1</span> <span class="pl-c1">==</span> <span class="pl-en">n2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">be_to_n_inj</span>
+  <span class="pl-c1">(</span><span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">:</span> <span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-smi">U8.</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">b1</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">b2</span> <span class="pl-c1">/\</span> <span class="pl-en">be_to_n</span> <span class="pl-en">b1</span> <span class="pl-c1">==</span> <span class="pl-en">be_to_n</span> <span class="pl-en">b2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">b1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">le_to_n_inj</span>
+  <span class="pl-c1">(</span><span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">:</span> <span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-smi">U8.</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">b1</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">b2</span> <span class="pl-c1">/\</span> <span class="pl-en">le_to_n</span> <span class="pl-en">b1</span> <span class="pl-c1">==</span> <span class="pl-en">le_to_n</span> <span class="pl-en">b2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">b1</span><span class="pl-c1">))</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-roundtripping" class="anchor" href="#roundtripping" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Roundtripping</h2>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">n_to_be_be_to_n</span> <span class="pl-c1">(</span><span class="pl-en">len</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-smi">U8.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">len</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-en">be_to_n</span> <span class="pl-en">s</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-c1">8</span> * <span class="pl-en">len</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">n_to_be</span> <span class="pl-en">len</span> <span class="pl-c1">(</span><span class="pl-en">be_to_n</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">s</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">n_to_be</span> <span class="pl-en">len</span> <span class="pl-c1">(</span><span class="pl-en">be_to_n</span> <span class="pl-en">s</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">n_to_le_le_to_n</span> <span class="pl-c1">(</span><span class="pl-en">len</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-smi">U8.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">len</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-en">le_to_n</span> <span class="pl-en">s</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-c1">8</span> * <span class="pl-en">len</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">n_to_le</span> <span class="pl-en">len</span> <span class="pl-c1">(</span><span class="pl-en">le_to_n</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">s</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">n_to_le</span> <span class="pl-en">len</span> <span class="pl-c1">(</span><span class="pl-en">le_to_n</span> <span class="pl-en">s</span><span class="pl-c1">))]</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-specializations-for-f-machine-integers" class="anchor" href="#specializations-for-f-machine-integers" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Specializations for F* machine integers</h2>
+<p>These are useful because they take care of calling the right <code>*_is_bounded</code> lemmas.</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">uint32_of_le</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span> <span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">4</span> <span class="pl-c1">})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">le_to_n</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_le_to_n_is_bounded</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-smi">UInt32.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">le_of_uint32</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">4</span> <span class="pl-c1">}</span> <span class="pl-c1">=</span>
+  <span class="pl-en">n_to_le</span> <span class="pl-c1">4</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">uint32_of_be</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span> <span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">4</span> <span class="pl-c1">})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">be_to_n</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_be_to_n_is_bounded</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-smi">UInt32.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">be_of_uint32</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">4</span> <span class="pl-c1">}</span> <span class="pl-c1">=</span>
+  <span class="pl-en">n_to_be</span> <span class="pl-c1">4</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">uint64_of_le</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span> <span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">8</span> <span class="pl-c1">})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">le_to_n</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_le_to_n_is_bounded</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-smi">UInt64.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">le_of_uint64</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">UInt64.</span><span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">8</span> <span class="pl-c1">}</span> <span class="pl-c1">=</span>
+  <span class="pl-en">n_to_le</span> <span class="pl-c1">8</span> <span class="pl-c1">(</span><span class="pl-smi">UInt64.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">uint64_of_be</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span> <span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">8</span> <span class="pl-c1">})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">be_to_n</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_be_to_n_is_bounded</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-smi">UInt64.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">be_of_uint64</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">UInt64.</span><span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">8</span> <span class="pl-c1">}</span> <span class="pl-c1">=</span>
+  <span class="pl-en">n_to_be</span> <span class="pl-c1">8</span> <span class="pl-c1">(</span><span class="pl-smi">UInt64.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-lifting-lebeto_n--n_tolebe-to-sequences" class="anchor" href="#lifting-lebeto_n--n_tolebe-to-sequences" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Lifting {le,be}<em>to_n / n_to</em>{le,be} to sequences</h2>
+<p>TODO: 16-bit (but is it really needed?)
+TODO: should these be specializations of generic functions that chop on
+N-byte boundaries, and operate on bounded nats instead of uints?</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">seq_uint32_of_le</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span><span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">4</span> * <span class="pl-en">l</span> <span class="pl-c1">}):</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span> <span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">l</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">le_of_seq_uint32</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">):</span>
+  <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span> <span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">4</span> * <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">})</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">seq_uint32_of_be</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span><span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">4</span> * <span class="pl-en">l</span> <span class="pl-c1">}):</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span> <span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">l</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">be_of_seq_uint32</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">):</span>
+  <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span> <span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">4</span> * <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">})</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">seq_uint64_of_le</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span><span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">8</span> * <span class="pl-en">l</span> <span class="pl-c1">}):</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">UInt64.</span><span class="pl-en">t</span> <span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">l</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">le_of_seq_uint64</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">UInt64.</span><span class="pl-en">t</span><span class="pl-c1">):</span>
+  <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span> <span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">8</span> * <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">})</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">seq_uint64_of_be</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span><span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">8</span> * <span class="pl-en">l</span> <span class="pl-c1">}):</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">UInt64.</span><span class="pl-en">t</span> <span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">l</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">be_of_seq_uint64</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">UInt64.</span><span class="pl-en">t</span><span class="pl-c1">):</span>
+  <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span> <span class="pl-c1">{</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">8</span> * <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">})</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-complete-specification-of-the-combinators-above-relating-them-to-lebeto--n_to_lebe" class="anchor" href="#complete-specification-of-the-combinators-above-relating-them-to-lebeto--n_to_lebe" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Complete specification of the combinators above, relating them to {le,be}<em>to</em> / n_to_{le,be}</h2>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">offset_uint32_be</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat):</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">4</span> * <span class="pl-en">n</span> <span class="pl-c1">/\</span>
+      <span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">seq_uint32_of_be</span> <span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">uint32_of_be</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-c1">4</span> * <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">4</span> * <span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">4</span><span class="pl-c1">))))</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">seq_uint32_of_be</span> <span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">offset_uint32_le</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat):</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">4</span> * <span class="pl-en">n</span> <span class="pl-c1">/\</span>
+      <span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">seq_uint32_of_le</span> <span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">uint32_of_le</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-c1">4</span> * <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">4</span> * <span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">4</span><span class="pl-c1">))))</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">seq_uint32_of_le</span> <span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">offset_uint64_be</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat):</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">8</span> * <span class="pl-en">n</span> <span class="pl-c1">/\</span>
+      <span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">seq_uint64_of_be</span> <span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">uint64_of_be</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-c1">8</span> * <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">8</span> * <span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">8</span><span class="pl-c1">))))</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">seq_uint64_of_be</span> <span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">offset_uint64_le</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">bytes</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat):</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">8</span> * <span class="pl-en">n</span> <span class="pl-c1">/\</span>
+      <span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">seq_uint64_of_le</span> <span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">uint64_of_le</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">slice</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-c1">8</span> * <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">8</span> * <span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">8</span><span class="pl-c1">))))</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">seq_uint64_of_le</span> <span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">]</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-reasoning-about-appending-such-sequences" class="anchor" href="#reasoning-about-appending-such-sequences" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Reasoning about appending such sequences</h2>
+<p>TODO: this is fairly incomplete
+TODO: the *_base cases seem ad-hoc and derivable trivially from offset above; why have them?</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">be_of_seq_uint32_base</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U8.</span><span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-c1">4</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">be_to_n</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-c1">0</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">equal</span> <span class="pl-en">s2</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint32</span> <span class="pl-en">s1</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">be_to_n</span> <span class="pl-en">s2</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-c1">0</span><span class="pl-c1">))</span> <span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">le_of_seq_uint32_base</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U8.</span><span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-c1">4</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">le_to_n</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-c1">0</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">equal</span> <span class="pl-en">s2</span> <span class="pl-c1">(</span><span class="pl-en">le_of_seq_uint32</span> <span class="pl-en">s1</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">le_to_n</span> <span class="pl-en">s2</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-c1">0</span><span class="pl-c1">))</span> <span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">be_of_seq_uint64_base</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U64.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U8.</span><span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-c1">8</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">be_to_n</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-c1">0</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">equal</span> <span class="pl-en">s2</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint64</span> <span class="pl-en">s1</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">be_to_n</span> <span class="pl-en">s2</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-c1">0</span><span class="pl-c1">))</span> <span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">be_of_seq_uint32_append</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">S.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint32</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint32</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint32</span> <span class="pl-en">s2</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint32</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint32</span> <span class="pl-en">s2</span><span class="pl-c1">))</span> <span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">le_of_seq_uint32_append</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">S.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">le_of_seq_uint32</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">le_of_seq_uint32</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">le_of_seq_uint32</span> <span class="pl-en">s2</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">le_of_seq_uint32</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">le_of_seq_uint32</span> <span class="pl-en">s2</span><span class="pl-c1">))</span> <span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">be_of_seq_uint64_append</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U64.</span><span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">S.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint64</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint64</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint64</span> <span class="pl-en">s2</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint64</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint64</span> <span class="pl-en">s2</span><span class="pl-c1">))</span> <span class="pl-c1">]</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-roundtripping-1" class="anchor" href="#roundtripping-1" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Roundtripping</h2>
+<p>TODO: also incomplete</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">seq_uint32_of_be_be_of_seq_uint32</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">seq_uint32_of_be</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint32</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-smi">S.</span><span class="pl-en">equal</span><span class="pl-c1">`</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">seq_uint32_of_be</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint32</span> <span class="pl-en">s</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">be_of_seq_uint32_seq_uint32_of_be</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U8.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">4</span> * <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint32</span> <span class="pl-c1">(</span><span class="pl-en">seq_uint32_of_be</span> <span class="pl-en">n</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-smi">S.</span><span class="pl-en">equal</span><span class="pl-c1">`</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint32</span> <span class="pl-c1">(</span><span class="pl-en">seq_uint32_of_be</span> <span class="pl-en">n</span> <span class="pl-en">s</span><span class="pl-c1">))]</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-reasoning-about-slicing-such-sequences" class="anchor" href="#reasoning-about-slicing-such-sequences" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Reasoning about slicing such sequences</h2>
+<p>(Needs SMTPats above for roundtripping in their proof, hence why they're at the end.)</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">slice_seq_uint32_of_be</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U8.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">lo</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">hi</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">4</span> * <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span> <span class="pl-en">lo</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">hi</span> <span class="pl-c1">/\</span> <span class="pl-en">hi</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">seq_uint32_of_be</span> <span class="pl-en">n</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">lo</span> <span class="pl-en">hi</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-smi">S.</span><span class="pl-en">equal</span><span class="pl-c1">`</span> <span class="pl-en">seq_uint32_of_be</span> <span class="pl-c1">(</span><span class="pl-en">hi</span> <span class="pl-c1">-</span> <span class="pl-en">lo</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-c1">4</span> * <span class="pl-en">lo</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">4</span> * <span class="pl-en">hi</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">be_of_seq_uint32_slice</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">lo</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">hi</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">lo</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">hi</span> <span class="pl-c1">/\</span> <span class="pl-en">hi</span> &lt;<span class="pl-c1">=</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint32</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">lo</span> <span class="pl-en">hi</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-smi">S.</span><span class="pl-en">equal</span><span class="pl-c1">`</span> <span class="pl-smi">S.</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">be_of_seq_uint32</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">4</span> * <span class="pl-en">lo</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">4</span> * <span class="pl-en">hi</span><span class="pl-c1">)))</span></pre></div>
+<blockquote>
+<p>Some reasoning about zero bytes</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">le_to_n_zeros</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span>
+      <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat).</span> <span class="pl-en">i</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">==&gt;</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-c1">0uy</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">le_to_n</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_le_to_n</span> <span class="pl-en">s</span><span class="pl-c1">;</span>
+    <span class="pl-k">if</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">()</span>
+    <span class="pl-k">else</span> <span class="pl-en">le_to_n_zeros</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">be_to_n_zeros</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">bytes</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span>
+      <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat).</span> <span class="pl-en">i</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">==&gt;</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-c1">0uy</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">be_to_n</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_be_to_n</span> <span class="pl-en">s</span><span class="pl-c1">;</span>
+    <span class="pl-k">if</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">()</span>
+    <span class="pl-k">else</span> <span class="pl-en">be_to_n_zeros</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">0</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Exn.html b/docs/FStar.Exn.html
index d1076f4..4dd2f06 100644
--- a/docs/FStar.Exn.html
+++ b/docs/FStar.Exn.html
@@ -1,16 +1,19 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Exn</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.exn">module FStar.Exn</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarexn" class="anchor" href="#fstarexn" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Exn</h1>
+<h4>
+<a id="user-content-raise" class="anchor" href="#raise" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>raise</h4>
+<p>Providing the signature of <a href="#raise"><code>raise</code></a>,
+that is implemented natively in FStar_Exn.ml as primitive raise</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span>
+<span class="pl-k">val</span> <span class="pl-en">raise</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:</span> <span class="pl-en">exn</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Exn</span> <span class="pl-smi">'a</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-c1">E</span> <span class="pl-en">e</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Fin.html b/docs/FStar.Fin.html
index 293c890..79913fc 100644
--- a/docs/FStar.Fin.html
+++ b/docs/FStar.Fin.html
@@ -1,16 +1,87 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Fin</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.fin">module FStar.Fin</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarfin" class="anchor" href="#fstarfin" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Fin</h1>
+<blockquote>
+<p>This module is supposed to contain various lemmas about
+finiteness. For now, it mainly provides a basic pigeonhole
+principle</p>
+<p>TODO: We might generalize this to also support general utilities
+for reasoning about cardinality, relation with injections and
+surjections, etc.</p>
+</blockquote>
+<ul>
+<li>Aliases module <a href="FStar.List.Tot.html"> FStar.List.Tot</a> as <code>L </code>
+</li>
+<li>Aliases module <a href="FStar.Seq.html"> FStar.Seq</a> as <code>S </code>
+</li>
+</ul>
+<h4>
+<a id="user-content-fin" class="anchor" href="#fin" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>fin</h4>
+<p>The type of natural numbers bounded by <code>n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fin</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">=</span> <span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-c1">int{</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">k</span> <span class="pl-c1">/\</span> <span class="pl-en">k</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span></pre></div>
+<h4>
+<a id="user-content-vect" class="anchor" href="#vect" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>vect</h4>
+<p>Length-indexed list</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">vect</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-smi">L.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">}</span></pre></div>
+<h4>
+<a id="user-content-seqn" class="anchor" href="#seqn" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>seqn</h4>
+<p>Length-indexed sequence</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">seqn</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">}</span></pre></div>
+<h4>
+<a id="user-content-in_" class="anchor" href="#in_" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>in_</h4>
+<p><code>in_ s</code> is the type of a valid index into the sequence <code>s</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">in_</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">n</span> &lt; <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span></pre></div>
+<h4>
+<a id="user-content-find" class="anchor" href="#find" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>find</h4>
+<p>Find an index of an element in <code>s</code> startig from <code>i</code> that validates <code>p</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">find</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">bool))</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-en">in_</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">in_</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span>
+        <span class="pl-c1">(</span><span class="pl-k">function</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">k</span> <span class="pl-c1">/\</span> <span class="pl-en">k</span> &lt; <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}).</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">k</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">false</span><span class="pl-c1">)</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">j</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">j</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">-</span> <span class="pl-en">i</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-en">i</span> <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span> &lt; <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-k">then</span> <span class="pl-en">find</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">else</span> <span class="pl-c1">None</span></pre></div>
+<h4>
+<a id="user-content-pigeonhole" class="anchor" href="#pigeonhole" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pigeonhole</h4>
+<p>Given a sequence <code>s</code> all of whose elements are at most <code>n</code>, if the
+length of <code>s</code> is greater than <code>n</code>, then there are two distinct
+indexes in <code>s</code> that contain the same element</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">pigeonhole</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-en">fin</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">in_</span> <span class="pl-en">s</span> * <span class="pl-en">in_</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">i1</span><span class="pl-c1">,</span> <span class="pl-en">i2</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i1</span> &lt; <span class="pl-en">i2</span> <span class="pl-c1">/\</span> <span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i1</span> <span class="pl-c1">=</span> <span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i2</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span>
+  <span class="pl-k">then</span> <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">0</span> <span class="pl-k">with</span> <span class="pl-c1">)</span>
+  <span class="pl-k">else</span>
+    <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span>
+    <span class="pl-k">then</span>
+      <span class="pl-c1">(</span><span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">0</span> <span class="pl-c1">=</span> <span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">1</span><span class="pl-c1">);</span>
+        <span class="pl-c1">0</span><span class="pl-c1">,</span> <span class="pl-c1">1</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span>
+      <span class="pl-k">let</span> <span class="pl-en">k0</span> <span class="pl-c1">=</span> <span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">0</span> <span class="pl-k">in</span>
+      <span class="pl-k">match</span> <span class="pl-en">find</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">k</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span> <span class="pl-c1">=</span> <span class="pl-en">k0</span><span class="pl-c1">)</span> <span class="pl-c1">1</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">0</span><span class="pl-c1">,</span> <span class="pl-en">i</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">reduced_s</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-en">fin</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+          <span class="pl-smi">S.</span><span class="pl-en">init</span> <span class="pl-c1">#(</span><span class="pl-en">fin</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+            <span class="pl-en">n</span>
+            <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span>
+                <span class="pl-k">let</span> <span class="pl-en">k</span><span class="pl-c1">:nat</span> <span class="pl-c1">=</span> <span class="pl-smi">S.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+                <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">k</span> &lt;&gt; <span class="pl-en">k0</span><span class="pl-c1">);</span>
+                <span class="pl-k">if</span> <span class="pl-en">k</span> &lt; <span class="pl-en">k0</span> <span class="pl-k">then</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">&lt;:</span> <span class="pl-en">fin</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-k">else</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-c1">&lt;:</span> <span class="pl-en">fin</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)))</span>
+        <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">i1</span><span class="pl-c1">,</span> <span class="pl-en">i2</span> <span class="pl-c1">=</span> <span class="pl-en">pigeonhole</span> <span class="pl-en">reduced_s</span> <span class="pl-k">in</span>
+        <span class="pl-en">i1</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">,</span> <span class="pl-en">i2</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Float.html b/docs/FStar.Float.html
index 5184b50..3556508 100644
--- a/docs/FStar.Float.html
+++ b/docs/FStar.Float.html
@@ -1,16 +1,20 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Float</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.float">module FStar.Float</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarfloat" class="anchor" href="#fstarfloat" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Float</h1>
+<blockquote>
+<p>Support for floating point numbers in F* is nearly non-existent.
+This module is a placeholder</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">new</span>
+<span class="pl-k">type</span> <span class="pl-en">float</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">double</span> <span class="pl-c1">=</span> <span class="pl-en">float</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.FunctionalExtensionality.html b/docs/FStar.FunctionalExtensionality.html
index 7f5d1a8..4700565 100644
--- a/docs/FStar.FunctionalExtensionality.html
+++ b/docs/FStar.FunctionalExtensionality.html
@@ -1,59 +1,199 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.FunctionalExtensionality</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.functionalextensionality">module FStar.FunctionalExtensionality</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">* MAIN AXIOM **</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">*
- * DUPLICATED FOR GHOST FUNCTIONS
- **</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> extensionality_g:a:Type -&gt; b:Unidentified product: [a] Type -&gt; f:arrow_g a b -&gt; g:arrow_g a b -&gt; (Lemma ((ensures (&lt;==&gt;(feq_g #a #b f g, ==(on_domain_g a f, on_domain_g a g))))) (Prims<span class="kw">.</span>Cons (SMTPat (feq_g #a #b f g)) (Prims<span class="kw">.</span>Nil )))</code></pre></div>
+<h1>
+<a id="user-content-fstarfunctionalextensionality" class="anchor" href="#fstarfunctionalextensionality" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.FunctionalExtensionality</h1>
+<blockquote>
+<p>Functional extensionality asserts the equality of pointwise-equal
+functions.</p>
+<p>The formulation of this axiom is particularly subtle in F* because
+of its interaction with subtyping. In fact, prior formulations of
+this axiom were discovered to be unsound by Aseem Rastogi.</p>
+<p>The predicate <code>feq #a #b f g</code> asserts that <code>f, g: x:a -&gt; (b x)</code> are
+pointwise equal on the domain <code>a</code>.</p>
+<p>However, due to subtyping <code>f</code> and <code>g</code> may also be defined on some
+domain larger than <code>a</code>. We need to be careful to ensure that merely
+proving <code>f</code> and <code>g</code> equal on their sub-domain <code>a</code> does not lead us
+to conclude that they are equal everywhere.</p>
+<p>For more context on how functional extensionality works in F*, see</p>
+<ol>
+<li>tests/micro-benchmarks/Test.FunctionalExtensionality.fst</li>
+<li>ulib/FStar.Map.fst and ulib/FStar.Map.fsti</li>
+<li>Issue #1542 on github.com/FStarLang/FStar/issues/1542</li>
+</ol>
+</blockquote>
+<h4>
+<a id="user-content-arrow" class="anchor" href="#arrow" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>arrow</h4>
+<p>The type of total, dependent functions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">arrow</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-efun" class="anchor" href="#efun" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>efun</h4>
+<p>Using <a href="#arrow"><code>arrow</code></a> instead</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>use arrow instead<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">efun</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">=</span> <span class="pl-en">arrow</span> <span class="pl-en">a</span> <span class="pl-en">b</span></pre></div>
+<h4>
+<a id="user-content-feq" class="anchor" href="#feq" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>feq</h4>
+<p>feq #a #b f g: pointwise equality of <code>f</code> and <code>g</code> on domain <code>a</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">feq</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">g</span><span class="pl-c1">:</span> <span class="pl-en">arrow</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)\/(</span><span class="pl-en">g</span> <span class="pl-en">x</span><span class="pl-c1">)}</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">g</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-on_domain" class="anchor" href="#on_domain" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>on_domain</h4>
+<p><code>on_domain a f</code>:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">val</span> <span class="pl-en">on_domain</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">arrow</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">arrow</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>This is a key function provided by the module. It has several
+features.</p>
+<ol>
+<li>
+<p>Intuitively, <code>on_domain a f</code> can be seen as a function whose
+maximal domain is <code>a</code>.</p>
+</li>
+<li>
+<p>While, <code>on_domain a f</code> is proven to be <em>pointwise</em> equal to <code>f</code>,
+crucially it is not provably equal to <code>f</code>, since <code>f</code> may
+actually have a domain larger than <code>a</code>.</p>
+</li>
+<li>
+<p><a href="#on_domain"><code>on_domain</code></a> is idempotent</p>
+</li>
+<li>
+<p><code>on_domain a f x</code> has special treatment in F*'s normalizer. It
+reduces to <code>f x</code>, reflecting the pointwise equality of
+<code>on_domain a f</code> and <code>f</code>.</p>
+</li>
+<li>
+<p><a href="#on_domain"><code>on_domain</code></a> is marked <code>inline_for_extraction</code>, to eliminate the
+overhead of an indirection in extracted code. (This feature
+will be exercised as part of cross-module inlining across
+interface boundaries)</p>
+</li>
+</ol>
+<h4>
+<a id="user-content-feq_on_domain" class="anchor" href="#feq_on_domain" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>feq_on_domain</h4>
+<p>feq_on_domain:
+<code>on_domain a f</code> is pointwise equal to <code>f</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">feq_on_domain</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">arrow</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">feq</span> <span class="pl-c1">(</span><span class="pl-en">on_domain</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">on_domain</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-idempotence_on_domain" class="anchor" href="#idempotence_on_domain" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>idempotence_on_domain</h4>
+<p>on_domain is idempotent</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">idempotence_on_domain</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">arrow</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">on_domain</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">on_domain</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">on_domain</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">on_domain</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">on_domain</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">))]</span></pre></div>
+<h4>
+<a id="user-content-is_restricted" class="anchor" href="#is_restricted" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>is_restricted</h4>
+<p><code>is_restricted a f</code>:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_restricted</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">arrow</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">on_domain</span> <span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">==</span> <span class="pl-en">f</span></pre></div>
+<p>Though stated indirectly, <code>is_restricted a f</code> is valid when <code>f</code>
+is a function whose maximal domain is equal to <code>a</code>.</p>
+<p>Equivalently, one may see its definition as
+<code>exists g. f == on_domain a g</code></p>
+<h4>
+<a id="user-content-restricted_t" class="anchor" href="#restricted_t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>restricted_t</h4>
+<p>restricted_t a b:
+Lifts the <a href="#is_restricted"><code>is_restricted</code></a> predicate into a refinement type</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">restricted_t</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">=</span> <span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">arrow</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">{</span><span class="pl-en">is_restricted</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">}</span></pre></div>
+<p>This is the type of functions whose maximal domain is <code>a</code>
+and whose (dependent) co-domain is <code>b</code>.</p>
+<h4>
+<a id="user-content-op_hat_subtraction_greater" class="anchor" href="#op_hat_subtraction_greater" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>op_Hat_Subtraction_Greater</h4>
+<p><code>a ^-&gt; b</code>:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Hat_Subtraction_Greater</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">restricted_t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Notation for non-dependent restricted functions from <code>a</code> to <code>b</code>.
+The first symbol <code>^</code> makes it right associative, as expected for
+arrows.</p>
+<h4>
+<a id="user-content-on_dom" class="anchor" href="#on_dom" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>on_dom</h4>
+<p><code>on_dom a f</code>:
+A convenience function to introduce a restricted, dependent function</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">on_dom</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">arrow</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">restricted_t</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">on_domain</span> <span class="pl-en">a</span> <span class="pl-en">f</span></pre></div>
+<h4>
+<a id="user-content-on" class="anchor" href="#on" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>on</h4>
+<p><code>on a f</code>:
+A convenience function to introduce a restricted, non-dependent function</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">on</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">^-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">on_dom</span> <span class="pl-en">a</span> <span class="pl-en">f</span></pre></div>
+<h2>
+<a id="user-content-main-axiom" class="anchor" href="#main-axiom" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>MAIN AXIOM</h2>
+<h4>
+<a id="user-content-extensionality" class="anchor" href="#extensionality" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>extensionality</h4>
+<p><a href="#extensionality"><code>extensionality</code></a>:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">extensionality</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">g</span><span class="pl-c1">:</span> <span class="pl-en">arrow</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">feq</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-en">f</span> <span class="pl-en">g</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">on_domain</span> <span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">==</span> <span class="pl-en">on_domain</span> <span class="pl-en">a</span> <span class="pl-en">g</span><span class="pl-c1">))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">feq</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-en">f</span> <span class="pl-en">g</span><span class="pl-c1">)]</span></pre></div>
+<p>The main axiom of this module states that functions <code>f</code> and <code>g</code>
+that are pointwise equal on domain <code>a</code> are provably equal when
+restricted to <code>a</code></p>
+<h2>
+<a id="user-content-duplicated-for-ghost-functions" class="anchor" href="#duplicated-for-ghost-functions" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>DUPLICATED FOR GHOST FUNCTIONS</h2>
+<h4>
+<a id="user-content-arrow_g" class="anchor" href="#arrow_g" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>arrow_g</h4>
+<p>The type of ghost, total, dependent functions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">arrow_g</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-efun_g" class="anchor" href="#efun_g" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>efun_g</h4>
+<p>Use <a href="#arrow_g"><code>arrow_g</code></a> instead</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>use arrow_g instead<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">efun_g</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">=</span> <span class="pl-en">arrow_g</span> <span class="pl-en">a</span> <span class="pl-en">b</span></pre></div>
+<h4>
+<a id="user-content-feq_g" class="anchor" href="#feq_g" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>feq_g</h4>
+<p><code>feq_g #a #b f g</code>: pointwise equality of <code>f</code> and <code>g</code> on domain <code>a</code> *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">feq_g</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">g</span><span class="pl-c1">:</span> <span class="pl-en">arrow_g</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)\/(</span><span class="pl-en">g</span> <span class="pl-en">x</span><span class="pl-c1">)}</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">g</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-on_domain_g" class="anchor" href="#on_domain_g" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>on_domain_g</h4>
+<p>The counterpart of <a href="#on_domain"><code>on_domain</code></a> for ghost functions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">on_domain_g</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">arrow_g</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">arrow_g</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-feq_on_domain_g" class="anchor" href="#feq_on_domain_g" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>feq_on_domain_g</h4>
+<p><code>on_domain_g a f</code> is pointwise equal to <code>f</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">feq_on_domain_g</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">arrow_g</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">feq_g</span> <span class="pl-c1">(</span><span class="pl-en">on_domain_g</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">on_domain_g</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-idempotence_on_domain_g" class="anchor" href="#idempotence_on_domain_g" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>idempotence_on_domain_g</h4>
+<p>on_domain_g is idempotent</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">idempotence_on_domain_g</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">arrow_g</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">on_domain_g</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">on_domain_g</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">on_domain_g</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">)</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">on_domain_g</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">on_domain_g</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">))]</span></pre></div>
+<h4>
+<a id="user-content-is_restricted_g" class="anchor" href="#is_restricted_g" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>is_restricted_g</h4>
+<p>Counterpart of <a href="#is_restricted"><code>is_restricted</code></a> for ghost functions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_restricted_g</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">arrow_g</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">on_domain_g</span> <span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">==</span> <span class="pl-en">f</span></pre></div>
+<h4>
+<a id="user-content-restricted_g_t" class="anchor" href="#restricted_g_t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>restricted_g_t</h4>
+<p>Counterpart of <a href="#restricted_t"><code>restricted_t</code></a> for ghost functions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">restricted_g_t</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">=</span> <span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">arrow_g</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">{</span><span class="pl-en">is_restricted_g</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">}</span></pre></div>
+<h4>
+<a id="user-content-op_hat_subtraction_greater_greater" class="anchor" href="#op_hat_subtraction_greater_greater" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>op_Hat_Subtraction_Greater_Greater</h4>
+<p><code>a ^-&gt;&gt; b</code>:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Hat_Subtraction_Greater_Greater</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">restricted_g_t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Notation for ghost, non-dependent restricted functions from <code>a</code>
+a to <code>b</code>.</p>
+<h4>
+<a id="user-content-on_dom_g" class="anchor" href="#on_dom_g" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>on_dom_g</h4>
+<p><code>on_dom_g a f</code>:
+A convenience function to introduce a restricted, ghost, dependent function</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">on_dom_g</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">arrow_g</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">restricted_g_t</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">on_domain_g</span> <span class="pl-en">a</span> <span class="pl-en">f</span></pre></div>
+<h4>
+<a id="user-content-on_g" class="anchor" href="#on_g" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>on_g</h4>
+<p><code>on_g a f</code>:
+A convenience function to introduce a restricted, ghost, non-dependent function</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">on_g</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">^-&gt;</span>&gt; <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">on_dom_g</span> <span class="pl-en">a</span> <span class="pl-en">f</span></pre></div>
+<h4>
+<a id="user-content-extensionality_g" class="anchor" href="#extensionality_g" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>extensionality_g</h4>
 <p>Main axiom for ghost functions *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">extensionality_g</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">g</span><span class="pl-c1">:</span> <span class="pl-en">arrow_g</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">feq_g</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-en">f</span> <span class="pl-en">g</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">on_domain_g</span> <span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">==</span> <span class="pl-en">on_domain_g</span> <span class="pl-en">a</span> <span class="pl-en">g</span><span class="pl-c1">))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">feq_g</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-en">f</span> <span class="pl-en">g</span><span class="pl-c1">)]</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.GSet.html b/docs/FStar.GSet.html
index fc7f1c2..5300e72 100644
--- a/docs/FStar.GSet.html
+++ b/docs/FStar.GSet.html
@@ -1,55 +1,101 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.GSet</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.gset">module FStar.GSet</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">pragma</code></pre></div>
+<h1>
+<a id="user-content-fstargset" class="anchor" href="#fstargset" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.GSet</h1>
 <p>Computatiional sets (on Types): membership is a boolean function</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--initial_fuel 0 --max_fuel 0 --initial_ifuel 0 --max_ifuel 0</span>"</pre></div>
+<ul>
+<li>AR: mark it must_erase_for_extraction temporarily until CMI comes in</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">must_erase_for_extraction</span><span class="pl-c1">]</span>
+<span class="pl-k">val</span> <span class="pl-en">set</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">equal</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<p>destructors</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">bool</span></pre></div>
+<p>constructors</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">empty</span>      <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">singleton</span>  <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">union</span>      <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">intersect</span>  <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">complement</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">comprehend</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">bool))</span> <span class="pl-c1">:</span> <span class="pl-en">set</span> <span class="pl-en">a</span>
+<span class="pl-k">val</span> <span class="pl-en">of_set</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">set</span> <span class="pl-en">a</span></pre></div>
+<p>a property about sets</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">disjoint</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span> <span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">intersect</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">empty</span></pre></div>
+<p>ops</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">subset</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span> <span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span></pre></div>
+<p>Properties</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_empty</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">empty</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">empty</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_singleton</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">singleton</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">==</span><span class="pl-en">y</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">singleton</span> <span class="pl-en">x</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_union</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">||</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_intersect</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">intersect</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">intersect</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_complement</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">complement</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">complement</span> <span class="pl-en">s</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_subset</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">subset</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">subset</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">subset_mem</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">subset</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">subset</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">comprehend_mem</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">bool))</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">comprehend</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">comprehend</span> <span class="pl-en">f</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_of_set</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">of_set</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">f</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">of_set</span> <span class="pl-en">f</span><span class="pl-c1">))]</span></pre></div>
+<p>extensionality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_equal_intro</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span>  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_equal_elim</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_equal_refl</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">disjoint_not_in_both</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">)}</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">~(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span>
+<span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(~(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">intersect</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+  <span class="pl-smi">FStar.Classical.</span><span class="pl-en">forall_intro</span> <span class="pl-en">f</span></pre></div>
+<p>Converting lists to sets</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-c">//restore fuel usage here</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">as_set'</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">empty</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">union</span> <span class="pl-c1">(</span><span class="pl-en">singleton</span> <span class="pl-en">hd</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">as_set'</span> <span class="pl-en">tl</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_disjoint_subset</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s3</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">/\</span> <span class="pl-en">subset</span> <span class="pl-en">s3</span> <span class="pl-en">s1</span><span class="pl-c1">))</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">s3</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Ghost.html b/docs/FStar.Ghost.html
index 7b78a50..705e1b2 100644
--- a/docs/FStar.Ghost.html
+++ b/docs/FStar.Ghost.html
@@ -1,16 +1,161 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Ghost</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.ghost">module FStar.Ghost</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarghost" class="anchor" href="#fstarghost" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Ghost</h1>
+<blockquote>
+<p>This module provides an erased type to abstract computationally
+irrelevant values.</p>
+<p>It relies on the GHOST effect defined in Prims.</p>
+<p><code>erased a</code> is decorated with the erasable attribute. As such,</p>
+<ol>
+<li>
+<p>The type is considered non-informative.</p>
+<p>So, <code>Ghost (erased a)</code> can be subsumed to <code>Pure (erased a)</code></p>
+</li>
+<li>
+<p>The compiler extracts <code>erased a</code> to <code>unit</code></p>
+<p>The type is <code>erased a</code> is in a bijection with <code>a</code>, as
+witnessed by the <code>hide</code> and <a href="#reveal"><code>reveal</code></a> function.</p>
+</li>
+</ol>
+<p>Importantly, computationally relevant code cannot use <a href="#reveal"><code>reveal</code></a>
+(it's marked <code>GTot</code>)</p>
+<p>Just like Coq's prop, it is okay to use erased types
+freely as long as we produce an erased type.</p>
+<p><a href="#reveal"><code>reveal</code></a> and <code>hide</code> are coercions: the typechecker will
+automatically insert them when required. That is, if the type of
+an expression is <code>erased X</code>, and the expected type is NOT an
+<code>erased Y</code>, it will insert <a href="#reveal"><code>reveal</code></a>, and viceversa for <code>hide</code>.</p>
+</blockquote>
+<h4>
+<a id="user-content-erased" class="anchor" href="#erased" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>erased</h4>
+<p><code>erased t</code> is the computationally irrelevant counterpart of <code>t</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">erasable</span><span class="pl-c1">]</span>
+<span class="pl-k">val</span> <span class="pl-en">erased</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span></pre></div>
+<h4>
+<a id="user-content-reveal" class="anchor" href="#reveal" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>reveal</h4>
+<p><code>erased t</code> is in a bijection with <code>t</code>, as witnessed by <a href="#reveal"><code>reveal</code></a>
+and <code>hide</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">erased</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">hide</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">erased</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">hide_reveal</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">hide</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal_hide</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-c1">(</span><span class="pl-en">hide</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">hide</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<blockquote>
+<p>The rest of this module includes several well-defined defined
+notions. They are not trusted.</p>
+</blockquote>
+<h4>
+<a id="user-content-tot_to_gtot" class="anchor" href="#tot_to_gtot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tot_to_gtot</h4>
+<p><code>Tot</code> is a sub-effect of <code>GTot</code> F* will usually subsume <code>Tot</code>
+computations to <code>GTot</code> computations, though, occasionally, it may
+be useful to apply this coercion explicitly.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">tot_to_gtot</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-smi">'b</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-return" class="anchor" href="#return" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>return</h4>
+<p><a href="#erased"><code>erased</code></a>: Injecting a value into <a href="#erased"><code>erased</code></a>; just an alias of <code>hide</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">return</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">hide</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-bind" class="anchor" href="#bind" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bind</h4>
+<p>Sequential composition of erased</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">bind</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">erased</span> <span class="pl-en">b</span><span class="pl-c1">)))</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">erased</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">reveal</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+  <span class="pl-en">f</span> <span class="pl-en">y</span></pre></div>
+<h4>
+<a id="user-content-elift1" class="anchor" href="#elift1" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>elift1</h4>
+<p>Unary map</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">irreducible</span>
+<span class="pl-k">let</span> <span class="pl-en">elift1</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">b</span> <span class="pl-c1">{</span><span class="pl-en">reveal</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span> <span class="pl-en">xx</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">x</span> <span class="pl-c1">;</span> <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">xx</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-elift2" class="anchor" href="#elift2" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>elift2</h4>
+<p>Binary map</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">irreducible</span>
+<span class="pl-k">let</span> <span class="pl-en">elift2</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">c</span> <span class="pl-c1">{</span><span class="pl-en">reveal</span> <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">y</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span>
+  <span class="pl-en">xx</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">x</span> <span class="pl-c1">;</span> <span class="pl-en">yy</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">y</span> <span class="pl-c1">;</span> <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">xx</span> <span class="pl-en">yy</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-elift3" class="anchor" href="#elift3" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>elift3</h4>
+<p>Ternary map</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">irreducible</span>
+<span class="pl-k">let</span> <span class="pl-en">elift3</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-c1">#</span><span class="pl-en">d</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">d</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ga</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">gb</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">gc</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">gd</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">d</span> <span class="pl-c1">{</span><span class="pl-en">reveal</span> <span class="pl-en">gd</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">ga</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">gb</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">gc</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span>
+  <span class="pl-en">a</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">ga</span> <span class="pl-c1">;</span> <span class="pl-en">b</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">gb</span> <span class="pl-c1">;</span> <span class="pl-en">c</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">gc</span> <span class="pl-c1">;</span> <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-push_refinement" class="anchor" href="#push_refinement" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>push_refinement</h4>
+<p>Pushing a refinement type under the <a href="#erased"><code>erased</code></a> constructor</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">push_refinement</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0))</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">r</span><span class="pl-c1">)})</span>
+    <span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">reveal</span> <span class="pl-en">r</span><span class="pl-c1">})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">x</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">reveal</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+  <span class="pl-en">return</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-elift1_p" class="anchor" href="#elift1_p" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>elift1_p</h4>
+<p>Mapping a function with a refined domain over a refined erased value</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">irreducible</span>
+<span class="pl-k">let</span> <span class="pl-en">elift1_p</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">($</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">r</span><span class="pl-c1">)})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">b</span> <span class="pl-c1">{</span><span class="pl-en">reveal</span> <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">r</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">x</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">reveal</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+  <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-elift2_p" class="anchor" href="#elift2_p" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>elift2_p</h4>
+<p>Mapping a binary function with a refined domain over a pair of
+refined erased values</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">irreducible</span>
+<span class="pl-k">let</span> <span class="pl-en">elift2_p</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">($</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">xa</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">xb</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">xa</span> <span class="pl-en">xb</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">c</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ra</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">rb</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">b</span> <span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">ra</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">rb</span><span class="pl-c1">)})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">rc</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">c</span> <span class="pl-c1">{</span><span class="pl-en">reveal</span> <span class="pl-en">rc</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">ra</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">rb</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">reveal</span> <span class="pl-en">ra</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">y</span><span class="pl-c1">:(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">reveal</span> <span class="pl-en">rb</span> <span class="pl-k">in</span>
+  <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-elift1_pq" class="anchor" href="#elift1_pq" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>elift1_pq</h4>
+<p>Mapping a function with a refined domain and co-domain over a
+refined erased value producing a refined erased value</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">irreducible</span>
+<span class="pl-k">let</span> <span class="pl-en">elift1_pq</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">($</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">{</span><span class="pl-en">q</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">})))</span>
+      <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">r</span><span class="pl-c1">)})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">b</span> <span class="pl-c1">{</span><span class="pl-en">reveal</span> <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">r</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">x</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">reveal</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+  <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-elift2_pq" class="anchor" href="#elift2_pq" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>elift2_pq</h4>
+<p>Mapping a binary function with a refined domain and co-domain over
+a pair of refined erased values producing a refined erased value</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">irreducible</span>
+<span class="pl-k">let</span> <span class="pl-en">elift2_pq</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">($</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span><span class="pl-c1">{</span><span class="pl-en">q</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">})))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ra</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">rb</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">b</span> <span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">ra</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">rb</span><span class="pl-c1">)})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">erased</span> <span class="pl-en">c</span> <span class="pl-c1">{</span><span class="pl-en">reveal</span> <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">ra</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">rb</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">reveal</span> <span class="pl-en">ra</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">y</span><span class="pl-c1">:(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">reveal</span> <span class="pl-en">rb</span> <span class="pl-k">in</span>
+  <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Heap.html b/docs/FStar.Heap.html
index 0f8f76d..e2025e6 100644
--- a/docs/FStar.Heap.html
+++ b/docs/FStar.Heap.html
@@ -1,16 +1,20 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Heap</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.heap">module FStar.Heap</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarheap" class="anchor" href="#fstarheap" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Heap</h1>
+<ul>
+<li>Includes module <a href="FStar.Monotonic.Heap.html">FStar.Monotonic.Heap</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">trivial_rel</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">:</span><span class="pl-smi">Preorder.</span><span class="pl-en">relation</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">trivial_preorder</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">:</span><span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">trivial_rel</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">ref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">=</span> <span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.HyperStack.All.html b/docs/FStar.HyperStack.All.html
index 8e5b511..c45c628 100644
--- a/docs/FStar.HyperStack.All.html
+++ b/docs/FStar.HyperStack.All.html
@@ -1,16 +1,36 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.HyperStack.All</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.hyperstack.all">module FStar.HyperStack.All</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarhyperstackall" class="anchor" href="#fstarhyperstackall" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.HyperStack.All</h1>
+<ul>
+<li>Includes module <a href="FStar.HyperStack.ST.html">FStar.HyperStack.ST</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">all_pre</span> <span class="pl-c1">=</span> <span class="pl-en">all_pre_h</span> <span class="pl-smi">HyperStack.</span><span class="pl-en">mem</span>
+<span class="pl-k">let</span> <span class="pl-en">all_post'</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">all_post_h'</span> <span class="pl-smi">HyperStack.</span><span class="pl-en">mem</span> <span class="pl-en">a</span> <span class="pl-en">pre</span>
+<span class="pl-k">let</span> <span class="pl-en">all_post</span>  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">all_post_h</span> <span class="pl-smi">HyperStack.</span><span class="pl-en">mem</span> <span class="pl-en">a</span>
+<span class="pl-k">let</span> <span class="pl-en">all_wp</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">all_wp_h</span> <span class="pl-smi">HyperStack.</span><span class="pl-en">mem</span> <span class="pl-en">a</span>
+<span class="pl-k">new_effect</span> <span class="pl-c1">ALL</span> <span class="pl-c1">=</span> <span class="pl-c1">ALL_h</span> <span class="pl-smi">HyperStack.</span><span class="pl-en">mem</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">lift_state_all</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">st_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">all_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>  <span class="pl-en">wp</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-c1">V</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+<span class="pl-en">sub_effect</span> <span class="pl-c1">STATE</span> <span class="pl-c1">~&gt;</span> <span class="pl-c1">ALL</span> <span class="pl-c1">=</span> <span class="pl-en">lift_state_all</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">lift_exn_all</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">ex_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span>   <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">all_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-smi">HyperStack.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">wp</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">ra</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">ra</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+<span class="pl-en">sub_effect</span> <span class="pl-c1">EXN</span>   <span class="pl-c1">~&gt;</span> <span class="pl-c1">ALL</span> <span class="pl-c1">=</span> <span class="pl-en">lift_exn_all</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">All</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span><span class="pl-en">all_pre</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-smi">HyperStack.</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">all_post'</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">h0</span><span class="pl-c1">))))</span> <span class="pl-c1">=</span>
+       <span class="pl-c1">ALL</span> <span class="pl-en">a</span>
+           <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">all_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-smi">HyperStack.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">ra</span> <span class="pl-en">h1</span><span class="pl-c1">.</span> <span class="pl-en">post</span> <span class="pl-en">h</span> <span class="pl-en">ra</span> <span class="pl-en">h1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">ra</span> <span class="pl-en">h1</span><span class="pl-c1">))</span> <span class="pl-c"><span class="pl-c">(*</span> WP  <span class="pl-c">*)</span></span>
+<span class="pl-en">effect</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">ALL</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">all_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span><span class="pl-smi">HyperStack.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">result</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-smi">HyperStack.</span><span class="pl-en">mem</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">h</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">pipe_right</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">pipe_left</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-k">failwith</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">All</span> <span class="pl-smi">'a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">h'</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Err</span><span class="pl-c1">?</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span><span class="pl-c1">==</span><span class="pl-en">h'</span><span class="pl-c1">)</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">exit</span><span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">try_with</span><span class="pl-c1">:</span> <span class="pl-c1">(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">exn</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.HyperStack.ST.html b/docs/FStar.HyperStack.ST.html
index 38288ef..ba0b85e 100644
--- a/docs/FStar.HyperStack.ST.html
+++ b/docs/FStar.HyperStack.ST.html
@@ -1,106 +1,280 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.HyperStack.ST</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.hyperstack.st">module FStar.HyperStack.ST</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">*** Global ST (GST) effect <span class="kw">with</span> put, get, witness, <span class="kw">and</span> recall ****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">typeabbrev </code></pre></div>
-<pre><code>WARNING: this effect is unsafe, for C/C++ extraction it shall only be used by
-code that would later extract to OCaml or by library functions</code></pre>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** defining predicates <span class="kw">for</span> equal refs <span class="kw">in</span> some regions *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">typeabbrev </code></pre></div>
+<h1>
+<a id="user-content-fstarhyperstackst" class="anchor" href="#fstarhyperstackst" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.HyperStack.ST</h1>
+<ul>
+<li>
+<p>Opens module <a href="FStar.HyperStack.html">FStar.HyperStack</a></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.Monotonic.Witnessed.html"> FStar.Monotonic.Witnessed</a> as <code>W  </code></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.HyperStack.html"> FStar.HyperStack</a> as <code>HS </code></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Preorder.html">FStar.Preorder</a></p>
+</li>
+</ul>
+<p>Setting up the preorder for mem</p>
+<p>Starting the predicates that constitute the preorder</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">private</span> <span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">contains_region</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span></pre></div>
+<p>The preorder is the conjunction of above predicates</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_rel</span> <span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">mem</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">mem_predicate</span> <span class="pl-c1">=</span> <span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span></pre></div>
+<p>Predicates that we will witness with regions and refs</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">region_contains_pred</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-en">mem_predicate</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ref_contains_pred</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-en">mem_predicate</span></pre></div>
+<h3>
+<a id="user-content-global-st-gst-effect-with-put-get-witness-and-recall-" class="anchor" href="#global-st-gst-effect-with-put-get-witness-and-recall-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Global ST (GST) effect with put, get, witness, and recall ****</h3>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new_effect</span> <span class="pl-c1">GST</span> <span class="pl-c1">=</span> <span class="pl-c1">STATE_h</span> <span class="pl-en">mem</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gst_pre</span>           <span class="pl-c1">=</span> <span class="pl-en">st_pre_h</span> <span class="pl-en">mem</span>
+<span class="pl-k">let</span> <span class="pl-en">gst_post'</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">st_post_h'</span> <span class="pl-en">mem</span> <span class="pl-en">a</span> <span class="pl-en">pre</span>
+<span class="pl-k">let</span> <span class="pl-en">gst_post</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">st_post_h</span> <span class="pl-en">mem</span> <span class="pl-en">a</span>
+<span class="pl-k">let</span> <span class="pl-en">gst_wp</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>   <span class="pl-c1">=</span> <span class="pl-en">st_wp_h</span> <span class="pl-en">mem</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">lift_div_gst</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">gst_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">wp</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+<span class="pl-en">sub_effect</span> <span class="pl-c1">DIV</span> <span class="pl-c1">~&gt;</span> <span class="pl-c1">GST</span> <span class="pl-c1">=</span> <span class="pl-en">lift_div_gst</span></pre></div>
+<ul>
+<li>AR: A few notes about the interface:</li>
+<li>
+<pre><code>- The interface closely mimics the interface we formalized in our POPL'18 paper
+</code></pre>
+</li>
+<li>
+<pre><code>- Specifically, `witnessed` is defined for any mem_predicate (not necessarily stable ones)
+</code></pre>
+</li>
+<li>
+<pre><code>- `stable p` is a precondition for `gst_witness`
+</code></pre>
+</li>
+<li>
+<pre><code>- `gst_recall` does not have a precondition for `stable p`, since `gst_witness` is the only way
+</code></pre>
+</li>
+<li>
+<pre><code>  clients would have obtained `witnessed p`, and so, `p` should already be stable
+</code></pre>
+</li>
+<li>
+<pre><code>- `lemma_functoriality` does not require stablility for either `p` or `q`
+</code></pre>
+</li>
+<li>
+<pre><code>  Our metatheory ensures that this is sound (without requiring stability of `q`)
+</code></pre>
+</li>
+<li>
+<pre><code>  This form is useful in defining the MRRef interface (see mr_witness)
+</code></pre>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">stable</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span></pre></div>
+<p>TODO: we should derive these using DM4F</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">gst_get</span><span class="pl-c1">:</span> <span class="pl-c1">unit</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">GST</span> <span class="pl-en">mem</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">p</span> <span class="pl-en">h0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">h0</span> <span class="pl-en">h0</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">gst_put</span><span class="pl-c1">:</span> <span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">p</span> <span class="pl-en">h0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mem_rel</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">p</span> <span class="pl-c1">()</span> <span class="pl-en">h1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">gst_witness</span><span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">post</span> <span class="pl-en">h0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">h0</span> <span class="pl-c1">/\</span> <span class="pl-en">stable</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">witnessed</span> <span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">post</span> <span class="pl-c1">()</span> <span class="pl-en">h0</span><span class="pl-c1">))</span>
+<span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">gst_recall</span><span class="pl-c1">:</span>  <span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">post</span> <span class="pl-en">h0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">witnessed</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">h0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">post</span> <span class="pl-c1">()</span> <span class="pl-en">h0</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_functoriality</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">{</span><span class="pl-en">witnessed</span> <span class="pl-en">p</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">{(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">h</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">witnessed</span> <span class="pl-en">q</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">st_pre</span>   <span class="pl-c1">=</span> <span class="pl-en">gst_pre</span>
+<span class="pl-k">let</span> <span class="pl-en">st_post'</span> <span class="pl-c1">=</span> <span class="pl-en">gst_post'</span>
+<span class="pl-k">let</span> <span class="pl-en">st_post</span>  <span class="pl-c1">=</span> <span class="pl-en">gst_post</span>
+<span class="pl-k">let</span> <span class="pl-en">st_wp</span>    <span class="pl-c1">=</span> <span class="pl-en">gst_wp</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new_effect</span> <span class="pl-c1">STATE</span> <span class="pl-c1">=</span> <span class="pl-c1">GST</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">lift_gst_state</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">gst_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">wp</span>
+<span class="pl-en">sub_effect</span> <span class="pl-c1">GST</span> <span class="pl-c1">~&gt;</span> <span class="pl-c1">STATE</span> <span class="pl-c1">=</span> <span class="pl-en">lift_gst_state</span></pre></div>
+<p>effect State (a:Type) (wp:st_wp a) =</p>
+<p>STATE a wp</p>
+<h4>
+<a id="user-content-unsafe" class="anchor" href="#unsafe" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Unsafe</h4>
+<p>WARNING: this effect is unsafe, for C/C++ extraction it shall only be used by
+code that would later extract to OCaml or by library functions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">Unsafe</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span><span class="pl-en">st_pre</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">st_post'</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">m0</span><span class="pl-c1">))))</span> <span class="pl-c1">=</span>
+       <span class="pl-c1">STATE</span> <span class="pl-en">a</span>
+             <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">st_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">.</span> <span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-en">post</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">h1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">))</span> <span class="pl-c"><span class="pl-c">(*</span> WP <span class="pl-c">*)</span></span></pre></div>
+<p>***** defining predicates for equal refs in some regions *****</p>
+<p>//  * AR: (may be this is an overkill)
+//  *     various effects below talk about refs being equal in some regions (all regions, stack regions, etc.)
+//  *     this was done by defining, for example, an equal_dom predicate with a (forall (r:rid)) quantifier
+//  *     this quantifier was only guarded with Map.contains (HS.get_hmap m) r
+//  *     which meant it could fire for all the contained regions
+//  *
+//  *     instead now we define abstract predicates, e.g. same_refs_in_all_regions, and provide intro and elim forms
+//  *     the advantage is that, the (lemma) quantifiers are now guarded additionally by same_refs_in_all_regions kind
+//  *       of predicates, and hence should fire more contextually
+//  *     should profile the queries to see if it actually helps
+//</p>
+<p>//  * marking these opaque, since expect them to be unfolded away beforehand
+//</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span> <span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">equal_heap_dom</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">equal_dom</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m1</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span> <span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">contained_region</span> <span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rid</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">m1</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span> <span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">contained_stack_region</span> <span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rid</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">is_stack_region</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">contained_region</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span> <span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">contained_non_tip_region</span> <span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rid</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">get_tip</span> <span class="pl-en">m0</span> <span class="pl-c1">/\</span> <span class="pl-en">r</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">get_tip</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span> <span class="pl-en">contained_region</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span> <span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">contained_non_tip_stack_region</span> <span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rid</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">is_stack_region</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">contained_non_tip_region</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span> <span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">same_refs_common</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rid</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">equal_heap_dom</span> <span class="pl-en">r</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span></pre></div>
+<p>predicates</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">same_refs_in_all_regions</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span>
+<span class="pl-k">val</span> <span class="pl-en">same_refs_in_stack_regions</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span>
+<span class="pl-k">val</span> <span class="pl-en">same_refs_in_non_tip_regions</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span>
+<span class="pl-k">val</span> <span class="pl-en">same_refs_in_non_tip_stack_regions</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span></pre></div>
+<p>intro and elim forms</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_same_refs_in_all_regions_intro</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_common</span> <span class="pl-en">contained_region</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">same_refs_in_all_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_all_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">lemma_same_refs_in_all_regions_elim</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_all_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span> <span class="pl-en">contained_region</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">equal_heap_dom</span> <span class="pl-en">r</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_all_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)];</span>
+                    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_all_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">m1</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)]]]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_same_refs_in_stack_regions_intro</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_common</span> <span class="pl-en">contained_stack_region</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">same_refs_in_stack_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span>  <span class="pl-c1">(</span><span class="pl-en">same_refs_in_stack_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">lemma_same_refs_in_stack_regions_elim</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_stack_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span> <span class="pl-en">contained_stack_region</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">equal_heap_dom</span> <span class="pl-en">r</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_stack_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">is_stack_region</span> <span class="pl-en">r</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)];</span>
+                    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_stack_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">is_stack_region</span> <span class="pl-en">r</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">m1</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)]]]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_same_refs_in_non_tip_regions_intro</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_common</span> <span class="pl-en">contained_non_tip_region</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_non_tip_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_non_tip_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_same_refs_in_non_tip_regions_elim</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_non_tip_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span> <span class="pl-en">contained_non_tip_region</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">equal_heap_dom</span> <span class="pl-en">r</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_non_tip_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)];</span>
+                    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_non_tip_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">m1</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)]]]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_same_refs_in_non_tip_stack_regions_intro</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_common</span> <span class="pl-en">contained_non_tip_stack_region</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_non_tip_stack_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_non_tip_stack_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">lemma_same_refs_in_non_tip_stack_regions_elim</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_non_tip_stack_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span> <span class="pl-en">contained_non_tip_stack_region</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">equal_heap_dom</span> <span class="pl-en">r</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_non_tip_stack_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">is_stack_region</span> <span class="pl-en">r</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">);];</span>
+                    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">same_refs_in_non_tip_stack_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">is_stack_region</span> <span class="pl-en">r</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">m1</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)]]]</span></pre></div>
+<hr>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">equal_domains</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">get_tip</span> <span class="pl-en">m0</span> <span class="pl-c1">==</span> <span class="pl-en">get_tip</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span>
+  <span class="pl-smi">Set.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m1</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span>
+  <span class="pl-en">same_refs_in_all_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_equal_domains_trans</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">equal_domains</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span> <span class="pl-en">equal_domains</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">equal_domains</span> <span class="pl-en">m0</span> <span class="pl-en">m2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal_domains</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal_domains</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-stack" class="anchor" href="#stack" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Stack</h4>
 <ul>
 <li>Effect of stacked based code: the 'equal_domains' clause enforces that</li>
-<li><ul>
+<li>
+<ul>
 <li>both mem have the same tip</li>
-</ul></li>
-<li><ul>
+</ul>
+</li>
+<li>
+<ul>
 <li>both mem reference the same heaps (their map: rid -&gt; heap have the same domain)</li>
-</ul></li>
-<li><ul>
+</ul>
+</li>
+<li>
+<ul>
 <li>in each region id, the corresponding heaps contain the same references on both sides</li>
-</ul></li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">typeabbrev </code></pre></div>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">Stack</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span><span class="pl-en">st_pre</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">st_post'</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">m0</span><span class="pl-c1">))))</span> <span class="pl-c1">=</span>
+       <span class="pl-c1">STATE</span> <span class="pl-en">a</span>
+             <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">st_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-en">post</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">equal_domains</span> <span class="pl-en">h</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">))</span> <span class="pl-c"><span class="pl-c">(*</span> WP <span class="pl-c">*)</span></span></pre></div>
+<h4>
+<a id="user-content-heap" class="anchor" href="#heap" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Heap</h4>
 <ul>
 <li>Effect of heap-based code.</li>
-<li><ul>
+<li>
+<ul>
 <li>assumes that the stack is empty (tip = root)</li>
-</ul></li>
-<li><ul>
+</ul>
+</li>
+<li>
+<ul>
 <li>corresponds to the HyperHeap ST effect</li>
-</ul></li>
-<li><ul>
+</ul>
+</li>
+<li>
+<ul>
 <li>can call to Stack and ST code freely</li>
-</ul></li>
-<li><ul>
+</ul>
+</li>
+<li>
+<ul>
 <li>respects the stack invariant: the stack has to be empty when returning</li>
-</ul></li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">typeabbrev </code></pre></div>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">Heap</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span><span class="pl-en">st_pre</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">st_post'</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">m0</span><span class="pl-c1">))))</span> <span class="pl-c1">=</span>
+       <span class="pl-c1">STATE</span> <span class="pl-en">a</span>
+             <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">st_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-en">post</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">get_tip</span> <span class="pl-en">h</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">root</span> <span class="pl-c1">/\</span> <span class="pl-en">get_tip</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">root</span> <span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">))</span> <span class="pl-c"><span class="pl-c">(*</span> WP <span class="pl-c">*)</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">equal_stack_domains</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">get_tip</span> <span class="pl-en">m0</span> <span class="pl-c1">==</span> <span class="pl-en">get_tip</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span>
+  <span class="pl-en">same_refs_in_stack_regions</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span></pre></div>
+<h4>
+<a id="user-content-st" class="anchor" href="#st" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ST</h4>
 <ul>
 <li>Effect of low-level code:</li>
-<li><ul>
+<li>
+<ul>
 <li>maintains the allocation invariant on the stack: no allocation unless in a new frame that has to be popped before returning</li>
-</ul></li>
-<li><ul>
+</ul>
+</li>
+<li>
+<ul>
 <li>not constraints on heap allocation</li>
-</ul></li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">typeabbrev </code></pre></div>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span><span class="pl-en">st_pre</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">st_post'</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">m0</span><span class="pl-c1">))))</span> <span class="pl-c1">=</span>
+       <span class="pl-c1">STATE</span> <span class="pl-en">a</span>
+             <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">st_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-en">post</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">equal_stack_domains</span> <span class="pl-en">h</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">))</span> <span class="pl-c"><span class="pl-c">(*</span> WP <span class="pl-c">*)</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">St</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-c1">ST</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">inline_stack_inv</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span></pre></div>
+<p>The frame invariant is enforced</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">get_tip</span> <span class="pl-en">h</span> <span class="pl-c1">==</span> <span class="pl-en">get_tip</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span></pre></div>
+<p>The heap structure is unchanged</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">h'</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span></pre></div>
+<p>Any region that is not the tip has no seen any allocation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">same_refs_in_non_tip_regions</span> <span class="pl-en">h</span> <span class="pl-en">h'</span></pre></div>
+<h4>
+<a id="user-content-stackinline" class="anchor" href="#stackinline" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>StackInline</h4>
 <ul>
 <li>Effect that indicates to the Kremlin compiler that allocation may occur in the caller's frame.</li>
 <li>In other terms, the backend has to unfold the body into the caller's body.</li>
 <li>This effect maintains the stack AND the heap invariant: it can be inlined in the Stack effect</li>
 <li>function body as well as in a Heap effect function body</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">typeabbrev </code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">StackInline</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span><span class="pl-en">st_pre</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">st_post'</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">m0</span><span class="pl-c1">))))</span> <span class="pl-c1">=</span>
+       <span class="pl-c1">STATE</span> <span class="pl-en">a</span>
+             <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">st_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-en">is_stack_region</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-en">post</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">inline_stack_inv</span> <span class="pl-en">h</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">))</span> <span class="pl-c"><span class="pl-c">(*</span> WP <span class="pl-c">*)</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">inline_inv</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span></pre></div>
+<p>The stack invariant is enforced</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">get_tip</span> <span class="pl-en">h</span> <span class="pl-c1">==</span> <span class="pl-en">get_tip</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span></pre></div>
+<p>No frame may have received an allocation but the tip</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">same_refs_in_non_tip_stack_regions</span> <span class="pl-en">h</span> <span class="pl-en">h'</span></pre></div>
+<h4>
+<a id="user-content-inline" class="anchor" href="#inline" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Inline</h4>
 <ul>
 <li>Effect that indicates to the Kremlin compiler that allocation may occur in the caller's frame.</li>
 <li>In other terms, the backend has to unfold the body into the caller's body.</li>
@@ -109,45 +283,300 @@ <h1 id="module-fstar.hyperstack.st">module FStar.HyperStack.ST</h1>
 <li>Region allocation is not constrained.</li>
 <li>Heap allocation is not constrained.</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">typeabbrev </code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">Inline</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span><span class="pl-en">st_pre</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">st_post'</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">m0</span><span class="pl-c1">))))</span> <span class="pl-c1">=</span>
+       <span class="pl-c1">STATE</span> <span class="pl-en">a</span>
+             <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">st_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-en">post</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">inline_inv</span> <span class="pl-en">h</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">))</span> <span class="pl-c"><span class="pl-c">(*</span> WP <span class="pl-c">*)</span></span></pre></div>
+<h4>
+<a id="user-content-stl" class="anchor" href="#stl" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>STL</h4>
 <ul>
 <li>TODO:</li>
 <li>REMOVE AS SOON AS CONSENSUS IS REACHED ON NEW LOW EFFECT NAMES</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> push_frame:uu___80:<span class="dt">unit</span> -&gt; (Unsafe <span class="dt">unit</span> ((requires ((<span class="kw">fun</span> m -&gt; True)))) ((ensures ((<span class="kw">fun</span> (m0:mem) _ (m1:mem) -&gt; fresh_frame m0 m1)))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">STL</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span><span class="pl-en">st_pre</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">st_post'</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">m0</span><span class="pl-c1">))))</span> <span class="pl-c1">=</span> <span class="pl-c1">Stack</span> <span class="pl-en">a</span> <span class="pl-en">pre</span> <span class="pl-en">post</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">sub_effect</span>
+  <span class="pl-c1">DIV</span>   <span class="pl-c1">~&gt;</span> <span class="pl-c1">STATE</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">st_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">wp</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">h</span><span class="pl-c1">)</span></pre></div>
+<ul>
+<li>AR: The clients should open HyperStack.ST after the memory model files (as with Heap and FStar.ST)</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">mreference</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">ref_contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                        <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">))}</span>
+<span class="pl-k">type</span> <span class="pl-en">mstackref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mstackref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">ref_contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                       <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">))}</span>
+<span class="pl-k">type</span> <span class="pl-en">mref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">ref_contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                  <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">))}</span>
+<span class="pl-k">type</span> <span class="pl-en">mmmstackref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mmmstackref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">ref_contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                         <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">))}</span>
+<span class="pl-k">type</span> <span class="pl-en">mmmref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mmmref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">ref_contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                    <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">))}</span>
+<span class="pl-k">type</span> <span class="pl-en">s_mref</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">s_mref</span> <span class="pl-en">i</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">ref_contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                      <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">))}</span>
+<span class="pl-k">type</span> <span class="pl-en">reference</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">type</span> <span class="pl-en">stackref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">mstackref</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">type</span> <span class="pl-en">ref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">type</span> <span class="pl-en">mmstackref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">mmmstackref</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">type</span> <span class="pl-en">mmref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">mmmref</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">type</span> <span class="pl-en">s_ref</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">s_mref</span> <span class="pl-en">i</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_eternal_region</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">is_eternal_region_hs</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">root</span> <span class="pl-c1">\/</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<ul>
+<li>AR: The change to using ST.rid may not be that bad itself,</li>
+<li>
+<pre><code>since subtyping should take care of most instances in the client usage.
+</code></pre>
+</li>
+<li>
+<pre><code>However, one case where it could be an issue is modifies clauses that use
+</code></pre>
+</li>
+<li>
+<pre><code>Set.set rid.
+</code></pre>
+</li>
+</ul>
+<h4>
+<a id="user-content-push_frame" class="anchor" href="#push_frame" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>push_frame</h4>
 <p>Pushes a new empty frame on the stack *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> pop_frame:uu___81:<span class="dt">unit</span> -&gt; (Unsafe <span class="dt">unit</span> ((requires ((<span class="kw">fun</span> m -&gt; poppable m)))) ((ensures ((<span class="kw">fun</span> (m0:mem) _ (m1:mem) -&gt; /\(/\(poppable m0, ==(m1, pop m0)), popped m0 m1))))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">push_frame</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:unit)</span> <span class="pl-c1">:</span><span class="pl-c1">Unsafe</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">_</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fresh_frame</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-pop_frame" class="anchor" href="#pop_frame" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pop_frame</h4>
 <p>Removes old frame from the stack *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> salloc:#a:Type -&gt; #rel:preorder a -&gt; init:a -&gt; (StackInline (mstackref a rel) ((requires ((<span class="kw">fun</span> m -&gt; is_stack_region (get_tip m))))) ((ensures salloc_post init)))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pop_frame</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:unit)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Unsafe</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">poppable</span> <span class="pl-en">m</span><span class="pl-c1">))</span>
+               <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">_</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">poppable</span> <span class="pl-en">m0</span> <span class="pl-c1">/\</span> <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-en">pop</span> <span class="pl-en">m0</span> <span class="pl-c1">/\</span> <span class="pl-en">popped</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">salloc_post</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+                <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">is_stack_region</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">s</span><span class="pl-c1">)})</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">is_stack_region</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">m0</span><span class="pl-c1">)</span>                          <span class="pl-c1">/\</span>
+    <span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m0</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m1</span><span class="pl-c1">)</span>  <span class="pl-c1">/\</span>
+    <span class="pl-en">get_tip</span> <span class="pl-en">m0</span> <span class="pl-c1">==</span> <span class="pl-en">get_tip</span> <span class="pl-en">m1</span>                              <span class="pl-c1">/\</span>
+    <span class="pl-en">frameOf</span> <span class="pl-en">s</span>   <span class="pl-c1">=</span> <span class="pl-en">get_tip</span> <span class="pl-en">m1</span>                              <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">fresh_ref</span> <span class="pl-en">s</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span>                                  <span class="pl-c1">/\</span>  <span class="pl-c">//it's a fresh reference in the top frame</span>
+    <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-smi">HyperStack.</span><span class="pl-en">upd</span> <span class="pl-en">m0</span> <span class="pl-en">s</span> <span class="pl-en">init</span>  <span class="pl-c">//and it's been initialized</span></pre></div>
+<h4>
+<a id="user-content-salloc" class="anchor" href="#salloc" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>salloc</h4>
 <ul>
 <li>Allocates on the top-most stack frame</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> op_Colon_Equals:#a:Type -&gt; #rel:preorder a -&gt; r:mreference a rel -&gt; v:a -&gt; (STL <span class="dt">unit</span> ((requires ((<span class="kw">fun</span> m -&gt; /\(is_live_for_rw_in r m, rel (HS<span class="kw">.</span>sel m r) v))))) ((ensures (assign_post r v))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">salloc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">StackInline</span> <span class="pl-c1">(</span><span class="pl-en">mstackref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">is_stack_region</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">m</span><span class="pl-c1">)))</span>
+                                 <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">salloc_post</span> <span class="pl-en">init</span><span class="pl-c1">)</span></pre></div>
+<p>JP, AR: these are not supported in C, and <a href="#salloc"><code>salloc</code></a> already benefits from
+automatic memory management.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>use salloc instead<span class="pl-pds">"</span></span><span class="pl-c1">)</span> <span class="pl-c1">]</span>
+<span class="pl-k">val</span> <span class="pl-en">salloc_mm</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">StackInline</span> <span class="pl-c1">(</span><span class="pl-en">mmmstackref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">is_stack_region</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">m</span><span class="pl-c1">)))</span>
+                                   <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">salloc_post</span> <span class="pl-en">init</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>use salloc instead<span class="pl-pds">"</span></span><span class="pl-c1">)</span> <span class="pl-c1">]</span>
+<span class="pl-k">val</span> <span class="pl-en">sfree</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mmmstackref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">StackInline</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">frameOf</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">get_tip</span> <span class="pl-en">m0</span> <span class="pl-c1">/\</span> <span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+                    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-c1">_</span> <span class="pl-en">m1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">free</span> <span class="pl-en">r</span> <span class="pl-en">m0</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">new_region_post_common</span> <span class="pl-c1">(</span><span class="pl-en">r0</span> <span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r1</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">extends</span><span class="pl-c1">`</span> <span class="pl-en">r0</span> <span class="pl-c1">/\</span>
+  <span class="pl-smi">HS.</span><span class="pl-en">fresh_region</span> <span class="pl-en">r1</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span>
+  <span class="pl-en">get_hmap</span> <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-smi">Map.</span><span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m0</span><span class="pl-c1">)</span> <span class="pl-en">r1</span> <span class="pl-smi">Heap.</span><span class="pl-en">emp</span> <span class="pl-c1">/\</span>
+  <span class="pl-en">get_tip</span> <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-en">get_tip</span> <span class="pl-en">m0</span> <span class="pl-c1">/\</span>
+  <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">m0</span> <span class="pl-en">r0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">new_region</span> <span class="pl-c1">(</span><span class="pl-en">r0</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-en">rid</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m</span>        <span class="pl-c1">-&gt;</span> <span class="pl-en">is_eternal_region</span> <span class="pl-en">r0</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-en">r1</span> <span class="pl-en">m1</span> <span class="pl-c1">-&gt;</span>
+                 <span class="pl-en">new_region_post_common</span> <span class="pl-en">r0</span> <span class="pl-en">r1</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span>               <span class="pl-c1">/\</span>
+         <span class="pl-smi">HS.</span><span class="pl-en">color</span> <span class="pl-en">r1</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">color</span> <span class="pl-en">r0</span>                        <span class="pl-c1">/\</span>
+         <span class="pl-en">is_eternal_region</span> <span class="pl-en">r1</span>                             <span class="pl-c1">/\</span>
+                 <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">,</span> <span class="pl-en">m1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">new_eternal_region</span> <span class="pl-en">m0</span> <span class="pl-en">r0</span> <span class="pl-c1">None</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">new_colored_region</span> <span class="pl-c1">(</span><span class="pl-en">r0</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:int)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-en">rid</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m</span>       <span class="pl-c1">-&gt;</span> <span class="pl-smi">HS.</span><span class="pl-en">is_heap_color</span> <span class="pl-en">c</span> <span class="pl-c1">/\</span> <span class="pl-en">is_eternal_region</span> <span class="pl-en">r0</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-en">r1</span> <span class="pl-en">m1</span> <span class="pl-c1">-&gt;</span>
+                <span class="pl-en">new_region_post_common</span> <span class="pl-en">r0</span> <span class="pl-en">r1</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span>               <span class="pl-c1">/\</span>
+            <span class="pl-smi">HS.</span><span class="pl-en">color</span> <span class="pl-en">r1</span> <span class="pl-c1">=</span> <span class="pl-en">c</span>                                  <span class="pl-c1">/\</span>
+        <span class="pl-en">is_eternal_region</span> <span class="pl-en">r1</span>                             <span class="pl-c1">/\</span>
+                <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">,</span> <span class="pl-en">m1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">new_eternal_region</span> <span class="pl-en">m0</span> <span class="pl-en">r0</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span> <span class="pl-en">c</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ralloc_post</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+                       <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">region_i</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">i</span> <span class="pl-k">in</span>
+  <span class="pl-en">as_ref</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-smi">Heap.</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">region_i</span> <span class="pl-c1">/\</span>
+  <span class="pl-en">i</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m0</span>              <span class="pl-c1">/\</span>
+  <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">frameOf</span> <span class="pl-en">x</span>                      <span class="pl-c1">/\</span>
+  <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-en">m0</span> <span class="pl-en">x</span> <span class="pl-en">init</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ralloc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">is_eternal_region</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+                   <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">ralloc_post</span> <span class="pl-en">i</span> <span class="pl-en">init</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ralloc_mm</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">mmmref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">is_eternal_region</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+                     <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">ralloc_post</span> <span class="pl-en">i</span> <span class="pl-en">init</span><span class="pl-c1">))</span></pre></div>
+<ul>
+<li>AR: 12/26: For a ref to be readable/writable/free-able,</li>
+<li>
+<pre><code>       the client can either prove contains
+</code></pre>
+</li>
+<li>
+<pre><code>       or give us enough so that we can use monotonicity to derive contains
+</code></pre>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_live_for_rw_in</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">\/</span>
+    <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+     <span class="pl-c1">(</span><span class="pl-en">is_eternal_region</span> <span class="pl-en">i</span> <span class="pl-c1">\/</span> <span class="pl-en">i</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+     <span class="pl-c1">(</span><span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">is_mm</span> <span class="pl-en">r</span><span class="pl-c1">)</span>       <span class="pl-c1">\/</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains_ref_in_its_region</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rfree</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-smi">HS.</span><span class="pl-en">is_mm</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">is_heap_color</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">color</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">))})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m0</span>     <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_live_for_rw_in</span><span class="pl-c1">`</span> <span class="pl-en">m0</span><span class="pl-c1">))</span>
+           <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-c1">_</span> <span class="pl-en">m1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">free</span> <span class="pl-en">r</span> <span class="pl-en">m0</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">assign_post</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:unit)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-smi">HyperStack.</span><span class="pl-en">upd</span> <span class="pl-en">m0</span> <span class="pl-en">r</span> <span class="pl-en">v</span></pre></div>
+<h4>
+<a id="user-content-op_colon_equals" class="anchor" href="#op_colon_equals" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>op_Colon_Equals</h4>
 <ul>
 <li>Assigns, provided that the reference exists.</li>
 <li>Guaranties the strongest low-level effect: Stack</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> op_Bang:#a:Type -&gt; #rel:preorder a -&gt; r:mreference a rel -&gt; (Stack a ((requires ((<span class="kw">fun</span> m -&gt; is_live_for_rw_in r m)))) ((ensures (deref_post r))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">op_Colon_Equals</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">STL</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_live_for_rw_in</span><span class="pl-c1">`</span> <span class="pl-en">m</span> <span class="pl-c1">/\</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">m</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">v</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">assign_post</span> <span class="pl-en">r</span> <span class="pl-en">v</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">deref_post</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-en">m0</span> <span class="pl-c1">/\</span> <span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-smi">HyperStack.</span><span class="pl-en">sel</span> <span class="pl-en">m0</span> <span class="pl-en">r</span></pre></div>
+<h4>
+<a id="user-content-op_bang" class="anchor" href="#op_bang" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>op_Bang</h4>
 <ul>
 <li>Dereferences, provided that the reference exists.</li>
 <li>Guaranties the strongest low-level effect: Stack</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> get:uu___82:<span class="dt">unit</span> -&gt; (Stack mem ((requires ((<span class="kw">fun</span> m -&gt; True)))) ((ensures ((<span class="kw">fun</span> m0 x m1 -&gt; /\(==(m0, x), ==(m1, m0)))))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">op_Bang</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Stack</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_live_for_rw_in</span><span class="pl-c1">`</span> <span class="pl-en">m</span><span class="pl-c1">))</span>
+           <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">deref_post</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies_none</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">modifies</span> <span class="pl-smi">Set.</span><span class="pl-en">empty</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span></pre></div>
+<p>NS: This version is just fine; all the operation on mem are ghost
+and we can rig it so that mem just get erased at the end</p>
+<h4>
+<a id="user-content-get" class="anchor" href="#get" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>get</h4>
 <ul>
 <li>Returns the current stack of heaps --- it should be erased</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> recall:#a:Type -&gt; #rel:preorder a -&gt; r:r:mreference a rel:{<span class="kw">not</span> (HS<span class="kw">.</span>is_mm r)} -&gt; (Stack <span class="dt">unit</span> ((requires ((<span class="kw">fun</span> m -&gt; \/(is_eternal_region (HS<span class="kw">.</span>frameOf r), contains_region m (HS<span class="kw">.</span>frameOf r)))))) ((ensures ((<span class="kw">fun</span> m0 _ m1 -&gt; /\(==(m0, m1), contains m1 r))))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">get</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:unit)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Stack</span> <span class="pl-en">mem</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+             <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-en">x</span> <span class="pl-en">m1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m0</span> <span class="pl-c1">==</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span> <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-en">m0</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-recall" class="anchor" href="#recall" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>recall</h4>
 <ul>
 <li>We can only recall refs with mm bit unset, not stack refs</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> recall_region:i:i:rid:{is_eternal_region i} -&gt; (Stack <span class="dt">unit</span> ((requires ((<span class="kw">fun</span> m -&gt; True)))) ((ensures ((<span class="kw">fun</span> m0 _ m1 -&gt; /\(==(m0, m1), is_in i get_hmap m1))))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">recall</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">is_mm</span> <span class="pl-en">r</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Stack</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">is_eternal_region</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">\/</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+              <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-c1">_</span> <span class="pl-en">m1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m0</span> <span class="pl-c1">==</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span> <span class="pl-en">m1</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-recall_region" class="anchor" href="#recall_region" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>recall_region</h4>
 <ul>
 <li>We can only recall eternal regions, not stack regions</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> MR witness etc. *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** Begin: preferred API <span class="kw">for</span> witnessing <span class="kw">and</span> recalling predicates *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** End: preferred API <span class="kw">for</span> witnessing <span class="kw">and</span> recalling predicates *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** logical properties <span class="kw">of</span> witnessed *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">* Support <span class="kw">for</span> dynamic regions **</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">recall_region</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">is_eternal_region</span> <span class="pl-en">i</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Stack</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-c1">_</span> <span class="pl-en">m1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m0</span> <span class="pl-c1">==</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span> <span class="pl-en">i</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">witness_region</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Stack</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m0</span>      <span class="pl-c1">-&gt;</span> <span class="pl-smi">HS.</span><span class="pl-en">is_eternal_region_hs</span> <span class="pl-en">i</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">i</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m0</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-c1">_</span> <span class="pl-en">m1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m0</span> <span class="pl-c1">==</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-en">i</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">witness_hsref</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span>      <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span> <span class="pl-c1">==</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">ref_contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<p>MR witness etc. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">erid</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">is_eternal_region</span> <span class="pl-en">r</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">m_rref</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">erid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">{</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">}</span></pre></div>
+<p>states that p is preserved by any valid updates on r; note that h0 and h1 may differ arbitrarily elsewhere, hence proving stability usually requires that p depends only on r's content.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">type</span> <span class="pl-en">stable_on</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">h0</span><span class="pl-c1">);</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span><span class="pl-c1">)}</span>
+                  <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">h0</span> <span class="pl-c1">/\</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">h1</span></pre></div>
+<ul>
+<li>The stable_on_t and mr_witness API is here for legacy reasons,</li>
+<li>the preferred API is stable_on and witness_p</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">type</span> <span class="pl-en">stable_on_t</span> <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">erid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+                        <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">i</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">stable_on</span> <span class="pl-en">p</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mr_witness</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">erid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+               <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span>      <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">h0</span>   <span class="pl-c1">/\</span> <span class="pl-en">stable_on_t</span> <span class="pl-en">m</span> <span class="pl-en">p</span><span class="pl-c1">))</span>
+           <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span><span class="pl-c1">==</span><span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-en">p</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">weaken_witness</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-k">forall</span> <span class="pl-en">h</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">witnessed</span> <span class="pl-en">q</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">testify</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span>      <span class="pl-c1">-&gt;</span>  <span class="pl-en">witnessed</span> <span class="pl-en">p</span><span class="pl-c1">))</span>
+           <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span><span class="pl-c1">==</span><span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">p</span> <span class="pl-en">h1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">testify_forall</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0))</span>
+  <span class="pl-c1">($</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">c</span><span class="pl-c1">).</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span>      <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+           <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span><span class="pl-c1">==</span><span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">c</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">h1</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">testify_forall_region_contains_pred</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">rid</span><span class="pl-c1">))</span>
+  <span class="pl-c1">($</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">c</span><span class="pl-c1">).</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span>       <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+           <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span> <span class="pl-c1">==</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+                              <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">c</span><span class="pl-c1">).</span> <span class="pl-smi">HS.</span><span class="pl-en">is_eternal_region_hs</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">h1</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))))</span></pre></div>
+<p>***** Begin: preferred API for witnessing and recalling predicates *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">token_p</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">witness_p</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span>      <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">h0</span> <span class="pl-c1">/\</span> <span class="pl-en">p</span> <span class="pl-c1">`</span><span class="pl-en">stable_on</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span> <span class="pl-c1">==</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">token_p</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">recall_p</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span>      <span class="pl-c1">-&gt;</span> <span class="pl-c1">((</span><span class="pl-en">is_eternal_region</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">is_mm</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-c1">\/</span> <span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">token_p</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span> <span class="pl-c1">==</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">p</span> <span class="pl-en">h0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">token_functoriality</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">{</span><span class="pl-en">token_p</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">{</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">h</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">token_p</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">)</span></pre></div>
+<p>***** End: preferred API for witnessing and recalling predicates *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">ex_rid</span> <span class="pl-c1">=</span> <span class="pl-en">erid</span></pre></div>
+<p>***** logical properties of witnessed *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_constant</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type0)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_nested</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">witnessed</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">witnessed</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_and</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span> <span class="pl-en">q</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">witnessed</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-en">q</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_or</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">witnessed</span> <span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">witnessed</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">s</span> <span class="pl-c1">\/</span> <span class="pl-en">q</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_impl</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">mem_predicate</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">s</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">witnessed</span> <span class="pl-en">q</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_forall</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mem_predicate</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">s</span><span class="pl-c1">))</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_exists</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mem_predicate</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">exists</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<h3>
+<a id="user-content-support-for-dynamic-regions-" class="anchor" href="#support-for-dynamic-regions-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Support for dynamic regions **</h3>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_freeable_heap_region</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">HS.</span><span class="pl-en">is_heap_color</span> <span class="pl-c1">(</span><span class="pl-en">color</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">rid_freeable</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">d_hrid</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">is_freeable_heap_region</span> <span class="pl-en">r</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">drgn</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rid_of_drgn</span> <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">:</span><span class="pl-en">drgn</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">d_hrid</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">new_drgn</span> <span class="pl-c1">(</span><span class="pl-en">r0</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-en">drgn</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">is_eternal_region</span> <span class="pl-en">r0</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-en">d</span> <span class="pl-en">m1</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">r1</span> <span class="pl-c1">=</span> <span class="pl-en">rid_of_drgn</span> <span class="pl-en">d</span> <span class="pl-k">in</span>
+    <span class="pl-en">new_region_post_common</span> <span class="pl-en">r0</span> <span class="pl-en">r1</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">color</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">color</span> <span class="pl-en">r0</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">,</span> <span class="pl-en">m1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">new_freeable_heap_region</span> <span class="pl-en">m0</span> <span class="pl-en">r0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">free_drgn</span> <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">:</span><span class="pl-en">drgn</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">unit</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">contains_region</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">rid_of_drgn</span> <span class="pl-en">d</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-c1">_</span> <span class="pl-en">m1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">free_heap_region</span> <span class="pl-en">m0</span> <span class="pl-c1">(</span><span class="pl-en">rid_of_drgn</span> <span class="pl-en">d</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ralloc_drgn</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">:</span><span class="pl-en">drgn</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">rid_of_drgn</span> <span class="pl-en">d</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-en">r</span> <span class="pl-en">m1</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">is_mm</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">ralloc_post</span> <span class="pl-c1">(</span><span class="pl-en">rid_of_drgn</span> <span class="pl-en">d</span><span class="pl-c1">)</span> <span class="pl-en">init</span> <span class="pl-en">m0</span> <span class="pl-en">r</span> <span class="pl-en">m1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ralloc_drgn_mm</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">:</span><span class="pl-en">drgn</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-k">fun</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-en">contains_region</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">rid_of_drgn</span> <span class="pl-en">d</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-k">fun</span> <span class="pl-en">m0</span> <span class="pl-en">r</span> <span class="pl-en">m1</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">is_mm</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">ralloc_post</span> <span class="pl-c1">(</span><span class="pl-en">rid_of_drgn</span> <span class="pl-en">d</span><span class="pl-c1">)</span> <span class="pl-en">init</span> <span class="pl-en">m0</span> <span class="pl-en">r</span> <span class="pl-en">m1</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.HyperStack.html b/docs/FStar.HyperStack.html
index 68e07cd..5abd4b6 100644
--- a/docs/FStar.HyperStack.html
+++ b/docs/FStar.HyperStack.html
@@ -1,16 +1,37 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.HyperStack</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.hyperstack">module FStar.HyperStack</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarhyperstack" class="anchor" href="#fstarhyperstack" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.HyperStack</h1>
+<ul>
+<li>Includes module <a href="FStar.Monotonic.HyperStack.html">FStar.Monotonic.HyperStack</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">reference</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">stackref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">mstackref</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">ref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mmstackref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">mmmstackref</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mmref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">mmmref</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">type</span> <span class="pl-en">s_ref</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">s_mref</span> <span class="pl-en">i</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<p>Two references with different reads are disjoint.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">reference_distinct_sel_disjoint</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span> <span class="pl-en">reference</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span> <span class="pl-en">reference</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">frameOf</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">frameOf</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">as_addr</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">as_addr</span> <span class="pl-en">r2</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r2</span>
+  <span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-en">mreference_distinct_sel_disjoint</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">r2</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.IFC.html b/docs/FStar.IFC.html
index d533a70..7c87b52 100644
--- a/docs/FStar.IFC.html
+++ b/docs/FStar.IFC.html
@@ -1,58 +1,136 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.IFC</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.ifc">module FStar.IFC</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">
- * FStar<span class="kw">.</span>IFC provides a simple, generic abstraction
- * <span class="kw">for</span> monadic information-flow control
- * based on a user-defined (semi-)lattice <span class="kw">of</span> information flow labels
- *</code></pre></div>
+<h1>
+<a id="user-content-fstarifc" class="anchor" href="#fstarifc" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.IFC</h1>
+<blockquote>
+<p>FStar.IFC provides a simple, generic abstraction for monadic
+information-flow control based on a user-defined (semi-)lattice of
+information flow labels.</p>
+<p>The main idea is to provide an abstract type <code>protected a l</code>,
+encapsulating values of type <code>a</code> carrying information at
+confidentiality level <code>l</code>. Operations that compute on the
+underlying <code>a</code> are instrumented to reflect the sensitivity of
+their arguments on their results.</p>
+<p>Several papers develop this idea, ranging from</p>
+<p>Fable: A language for enforcing user-defined security policies
+<a href="http://www.cs.umd.edu/~nswamy/papers/fable-tr.pdf" rel="nofollow">http://www.cs.umd.edu/~nswamy/papers/fable-tr.pdf</a></p>
+<p>To more modern variants like
+<a href="https://hackage.haskell.org/package/lio" rel="nofollow">https://hackage.haskell.org/package/lio</a></p>
+</blockquote>
+<h2>
+<a id="user-content-basic-definitions-for-a-join-semilattice" class="anchor" href="#basic-definitions-for-a-join-semilattice" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Basic definitions for a join semilattice</h2>
+<h4>
+<a id="user-content-associative" class="anchor" href="#associative" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>associative</h4>
+<p>The <a href="#lub"><code>lub</code></a> is associative</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">associative</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-commutative" class="anchor" href="#commutative" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>commutative</h4>
+<p>The <a href="#lub"><code>lub</code></a> is commutative</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">commutative</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-en">y</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-idempotent" class="anchor" href="#idempotent" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>idempotent</h4>
+<p>The <a href="#lub"><code>lub</code></a> is idempotent</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">idempotent</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-semilattice" class="anchor" href="#semilattice" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>semilattice</h4>
+<p>A semilattice has a top element and a
+associative-commutative-idempotent least upper bound operator.
+This is effectvely the typeclass of a semilattice, however, we
+program explicitly with semilattice, rather than use typeclass
+instantiation.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">semilattice</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#(</span><span class="pl-en">c</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SemiLattice</span> <span class="pl-c1">:</span>
+      <span class="pl-c1">#</span><span class="pl-en">carrier</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">top</span><span class="pl-c1">:</span> <span class="pl-en">carrier</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">lub</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">carrier</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">carrier</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">carrier</span><span class="pl-c1">){</span><span class="pl-en">associative</span> <span class="pl-en">f</span> <span class="pl-c1">/\</span> <span class="pl-en">commutative</span> <span class="pl-en">f</span> <span class="pl-c1">/\</span> <span class="pl-en">idempotent</span> <span class="pl-en">f</span><span class="pl-c1">})</span>
+    <span class="pl-c1">-&gt;</span> <span class="pl-en">semilattice</span></pre></div>
+<h4>
+<a id="user-content-sltype" class="anchor" href="#sltype" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sl:Type</h4>
+<p>For most of the rest of this development, we'll use an erased
+counterpart of a semilattice</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">sl</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#(</span><span class="pl-en">c</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Ghost.</span><span class="pl-en">erased</span> <span class="pl-en">semilattice</span></pre></div>
+<h4>
+<a id="user-content-lattice_element" class="anchor" href="#lattice_element" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lattice_element</h4>
+<p>A lattice element is just an element of the carrier type</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lattice_element</span> <span class="pl-c1">(</span><span class="pl-en">sl</span><span class="pl-c1">:</span> <span class="pl-en">sl</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">Ghost</span><span class="pl-c1">.</span><span class="pl-en">erased</span> <span class="pl-c1">(</span><span class="pl-c1">SemiLattice</span><span class="pl-c1">?.</span><span class="pl-en">carrier</span> <span class="pl-c1">(</span><span class="pl-c1">Ghost</span><span class="pl-c1">.</span><span class="pl-en">reveal</span> <span class="pl-en">sl</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-lub" class="anchor" href="#lub" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lub</h4>
+<p>A convenience for joining elements in the lattice</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">lub</span> <span class="pl-c1">#</span><span class="pl-en">sl</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">lattice_element</span> <span class="pl-en">sl</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">lattice_element</span> <span class="pl-en">sl</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">lattice_element</span> <span class="pl-en">sl</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">Ghost</span><span class="pl-c1">.</span><span class="pl-en">hide</span> <span class="pl-c1">(</span><span class="pl-c1">SemiLattice</span><span class="pl-c1">?.</span><span class="pl-en">lub</span> <span class="pl-c1">(</span><span class="pl-c1">Ghost</span><span class="pl-c1">.</span><span class="pl-en">reveal</span> <span class="pl-en">sl</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">Ghost</span><span class="pl-c1">.</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">Ghost</span><span class="pl-c1">.</span><span class="pl-en">reveal</span> <span class="pl-en">y</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-protected" class="anchor" href="#protected" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>protected</h4>
+<p>The main type provided by this module is <code>protected l b</code> i.e,, a
+<code>b</code>-typed value protected at IFC level <code>l</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">protected</span> <span class="pl-c1">(#</span><span class="pl-en">sl</span><span class="pl-c1">:</span> <span class="pl-en">sl</span> <span class="pl-c1">u#</span><span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">lattice_element</span> <span class="pl-en">sl</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">b</span></pre></div>
+<p><code>protected b l</code> is in a bijection with <code>b</code>, as shown by <a href="#reveal"><code>reveal</code></a>
+and <a href="#hide"><code>hide</code></a> below</p>
+<h4>
+<a id="user-content-reveal" class="anchor" href="#reveal" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>reveal</h4>
+<p><a href="#reveal"><code>reveal</code></a> projects a <code>b</code> from a <code>protected b l</code>, but incurs a ghost effect</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal</span> <span class="pl-c1">(#</span><span class="pl-en">sl</span><span class="pl-c1">:</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">lattice_element</span> <span class="pl-en">sl</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">protected</span> <span class="pl-en">l</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">b</span></pre></div>
+<h4>
+<a id="user-content-hide" class="anchor" href="#hide" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>hide</h4>
+<p><a href="#hide"><code>hide</code></a> injects a <code>b</code> into a <code>protected b l</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">hide</span> <span class="pl-c1">(#</span><span class="pl-en">sl</span><span class="pl-c1">:</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">lattice_element</span> <span class="pl-en">sl</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">protected</span> <span class="pl-en">l</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Note, any <code>b</code> can be promoted to a <code>protected l b</code> i.e.,
+<code>protected l b</code> is only meant to enforce confidentiality</p>
+<h4>
+<a id="user-content-reveal_hide" class="anchor" href="#reveal_hide" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>reveal_hide</h4>
+<p>The next pair of lemmas show that reveal/hide are inverses</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal_hide</span> <span class="pl-c1">(#</span><span class="pl-en">l</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-c1">(</span><span class="pl-en">hide</span> <span class="pl-c1">#</span><span class="pl-en">l</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">hide</span> <span class="pl-c1">#</span><span class="pl-en">l</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">hide_reveal</span> <span class="pl-c1">(#</span><span class="pl-en">sl</span><span class="pl-c1">:</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">lattice_element</span> <span class="pl-en">sl</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">protected</span> <span class="pl-en">l</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">hide</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<blockquote>
+<p><code>protected l b</code> is a form of parameterized monad
+It provides:
+-- <code>return</code> (via <a href="#hide"><code>hide</code></a>)
+-- <a href="#map"><code>map</code></a>    (i.e., it's a functor)
+-- <a href="#join"><code>join</code></a>   (so it's also a monad)
+Which we package up as a <a href="#bind"><code>bind</code></a></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">return</span> <span class="pl-c1">#</span><span class="pl-en">sl</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">lattice_element</span> <span class="pl-en">sl</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">protected</span> <span class="pl-en">l</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">hide</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-map" class="anchor" href="#map" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>map</h4>
+<p>This is just a map of <code>f</code> over <code>x</code> But, notice the order of
+arguments is flipped We write <code>map x f</code> instead of <code>map f x</code> so
+that <code>f</code>'s type can depend on <code>x</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">sl</span><span class="pl-c1">:</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">lattice_element</span> <span class="pl-en">sl</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">protected</span> <span class="pl-en">l</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">protected</span> <span class="pl-en">l</span> <span class="pl-en">b</span> <span class="pl-c1">{</span><span class="pl-en">reveal</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">)})</span></pre></div>
+<h4>
+<a id="user-content-join" class="anchor" href="#join" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>join</h4>
+<p>This is almost a regular monadic <a href="#join"><code>join</code></a>
+Except notice that the label of the result is the <a href="#lub"><code>lub</code></a>
+of the both the labels in the argument</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">join</span> <span class="pl-c1">(#</span><span class="pl-en">sl</span><span class="pl-c1">:</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">l1</span> <span class="pl-c1">#</span><span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">lattice_element</span> <span class="pl-en">sl</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">protected</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">protected</span> <span class="pl-en">l2</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">protected</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">`</span><span class="pl-en">lub</span><span class="pl-c1">`</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-en">reveal</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">reveal</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">)})</span></pre></div>
+<h4>
+<a id="user-content-bind" class="anchor" href="#bind" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bind</h4>
+<p>This is almost like a regular bind, except like <a href="#map"><code>map</code></a> the type of
+the continuation's argument depends on the argument <code>x</code>; and, like
+<a href="#join"><code>join</code></a>, the indexes on the result are at least as high as the
+indexes of the argument</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">bind</span>
+      <span class="pl-c1">#</span><span class="pl-en">sl</span>
+      <span class="pl-c1">(#</span><span class="pl-en">l1</span><span class="pl-c1">:</span> <span class="pl-en">lattice_element</span> <span class="pl-en">sl</span><span class="pl-c1">)</span>
+      <span class="pl-c1">#</span><span class="pl-en">a</span>
+      <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">protected</span> <span class="pl-en">l1</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">lattice_element</span> <span class="pl-en">sl</span><span class="pl-c1">)</span>
+      <span class="pl-c1">#</span><span class="pl-en">b</span>
+      <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">reveal</span> <span class="pl-en">x</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">protected</span> <span class="pl-en">l2</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">protected</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">`</span><span class="pl-en">lub</span><span class="pl-c1">`</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">join</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">x</span> <span class="pl-en">f</span><span class="pl-c1">)</span></pre></div>
+<p>As such, any computation that observes the protected value held in
+<code>x</code> has a secrecy level at least as secret as <code>x</code> itself</p>
+
 </body>
 </html>
diff --git a/docs/FStar.IO.html b/docs/FStar.IO.html
index 2a100da..5d54ddf 100644
--- a/docs/FStar.IO.html
+++ b/docs/FStar.IO.html
@@ -1,16 +1,65 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.IO</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.io">module FStar.IO</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstario" class="anchor" href="#fstario" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.IO</h1>
+<ul>
+<li>Opens module <a href="FStar.All.html">FStar.All</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">exception</span> <span class="pl-c1">EOF</span>
+<span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">fd_read</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span>
+<span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">fd_write</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">stdin</span> <span class="pl-c1">:</span> <span class="pl-en">fd_read</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">stdout</span> <span class="pl-c1">:</span> <span class="pl-en">fd_write</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">stderr</span> <span class="pl-c1">:</span> <span class="pl-en">fd_write</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_newline</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_string</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span></pre></div>
+<p>assume val print_nat_hex : nat -&gt; ML unit</p>
+<p>assume val print_nat_dec : nat -&gt; ML unit</p>
+<p>Print as hexadecimal with a leading 0x</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint8</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint16</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint32</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint64</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span></pre></div>
+<p>Print as decimal</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint8_dec</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint16_dec</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint32_dec</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint64_dec</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span></pre></div>
+<p>Print as hex in fixed width, no leading 0x</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint8_hex_pad</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint16_hex_pad</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint32_hex_pad</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint64_hex_pad</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span></pre></div>
+<p>Print as decimal, zero padded to maximum possible length</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint8_dec_pad</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint16_dec_pad</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint32_dec_pad</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_uint64_dec_pad</span> <span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">print_any</span> <span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">input_line</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">string</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">input_int</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">int</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">input_float</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">FStar.Float.</span><span class="pl-en">float</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">open_read_file</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-en">fd_read</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">open_write_file</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-en">fd_write</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">close_read_file</span> <span class="pl-c1">:</span> <span class="pl-en">fd_read</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">close_write_file</span> <span class="pl-c1">:</span> <span class="pl-en">fd_write</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">read_line</span> <span class="pl-c1">:</span> <span class="pl-en">fd_read</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">string</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">write_string</span> <span class="pl-c1">:</span> <span class="pl-en">fd_write</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span></pre></div>
+<p>An UNSOUND escape hatch for printf-debugging;
+Although it always returns false, we mark it
+as returning a bool, so that extraction doesn't
+erase this call.</p>
+<p>Note: no guarantees are provided regarding the order
+of eassume valuation of this function; since it is marked as pure,
+the compiler may re-order or replicate it.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">debug_print_string</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.IndefiniteDescription.html b/docs/FStar.IndefiniteDescription.html
index 1985b98..9815091 100644
--- a/docs/FStar.IndefiniteDescription.html
+++ b/docs/FStar.IndefiniteDescription.html
@@ -1,16 +1,102 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.IndefiniteDescription</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.indefinitedescription">module FStar.IndefiniteDescription</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarindefinitedescription" class="anchor" href="#fstarindefinitedescription" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.IndefiniteDescription</h1>
+<blockquote>
+<p>Indefinite description is an axiom that allows picking a witness
+for existentially quantified predicate.</p>
+<p>Many other axioms can be derived from this one: Use it with care!</p>
+<p>For some background on the axiom, see:</p>
+<p><a href="https://github.com/coq/coq/wiki/CoqAndAxioms#indefinite-description--hilberts-epsilon-operator">https://github.com/coq/coq/wiki/CoqAndAxioms#indefinite-description--hilberts-epsilon-operator</a>
+<a href="https://en.wikipedia.org/wiki/Theory_of_descriptions#Indefinite_descriptions" rel="nofollow">https://en.wikipedia.org/wiki/Theory_of_descriptions#Indefinite_descriptions</a></p>
+</blockquote>
+<h4>
+<a id="user-content-indefinite_description_tot" class="anchor" href="#indefinite_description_tot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>indefinite_description_tot</h4>
+<p>The main axiom:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span>
+<span class="pl-k">val</span> <span class="pl-en">indefinite_description_tot</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">{</span> <span class="pl-k">exists</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-c1">Ghost</span><span class="pl-c1">.</span><span class="pl-en">erased</span> <span class="pl-en">a</span><span class="pl-c1">{</span> <span class="pl-en">p</span> <span class="pl-en">w</span> <span class="pl-c1">})</span></pre></div>
+<p>Given a classical proof of <code>exists x. p x</code>, we can exhibit an erased
+(computationally irrelevant) a witness <code>x:erased a</code> validating
+<code>p x</code>.</p>
+<h4>
+<a id="user-content-indefinite_description_ghost" class="anchor" href="#indefinite_description_ghost" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>indefinite_description_ghost</h4>
+<p>A version in ghost is easily derivable</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">indefinite_description_ghost</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">{</span> <span class="pl-k">exists</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">{</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">})</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">w</span> <span class="pl-c1">=</span> <span class="pl-en">indefinite_description_tot</span> <span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">Ghost</span><span class="pl-c1">.</span><span class="pl-en">reveal</span> <span class="pl-en">w</span> <span class="pl-k">in</span>
+    <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-indefinite_description" class="anchor" href="#indefinite_description" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>indefinite_description</h4>
+<p>An alternate formulation, mainly for legacy reasons.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>Consider using indefinite_description_ghost instead<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">assume</span>
+<span class="pl-k">val</span> <span class="pl-en">indefinite_description</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Ghost</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">&amp;</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span></pre></div>
+<p>Given a classical proof of <code>exists x. p x</code>, we can exhibit (ghostly) a
+witness <code>x:a</code> validating <code>p x</code>.</p>
+<p>We should take <code>p</code> to be <code>a -&gt; prop</code>. However, see
+<code>Prims.prop</code> for a description of the ongoing work on more
+systematically using <code>prop</code> in the libraries</p>
+<ul>
+<li>Opens module <a href="FStar.Classical.html">FStar.Classical</a>
+</li>
+<li>Opens module <a href="FStar.Squash.html">FStar.Squash</a>
+</li>
+</ul>
+<h4>
+<a id="user-content-strong_excluded_middle" class="anchor" href="#strong_excluded_middle" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>strong_excluded_middle</h4>
+<p>Indefinite description entails the a strong form of the excluded
+middle, i.e., one can case-analyze the truth of a proposition
+(only in <code>Ghost</code>)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">strong_excluded_middle</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool{</span><span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aux</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">b</span><span class="pl-c1">.</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-en">give_proof</span> <span class="pl-c1">(</span><span class="pl-en">bind_squash</span> <span class="pl-c1">(</span><span class="pl-en">get_proof</span> <span class="pl-c1">(</span><span class="pl-en">l_or</span> <span class="pl-en">p</span> <span class="pl-c1">(~</span><span class="pl-en">p</span><span class="pl-c1">)))</span>
+          <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">l_or</span> <span class="pl-en">p</span> <span class="pl-c1">(~</span><span class="pl-en">p</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+              <span class="pl-en">bind_squash</span> <span class="pl-en">b</span>
+                <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">b'</span><span class="pl-c1">:</span> <span class="pl-en">c_or</span> <span class="pl-en">p</span> <span class="pl-c1">(~</span><span class="pl-en">p</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+                    <span class="pl-k">match</span> <span class="pl-en">b'</span> <span class="pl-k">with</span>
+                    <span class="pl-c1">|</span> <span class="pl-c1">Left</span> <span class="pl-en">hp</span> <span class="pl-c1">-&gt;</span>
+                      <span class="pl-en">give_witness</span> <span class="pl-en">hp</span><span class="pl-c1">;</span>
+                      <span class="pl-en">exists_intro</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">true</span><span class="pl-c1">;</span>
+                      <span class="pl-en">get_proof</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">b</span><span class="pl-c1">.</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+                    <span class="pl-c1">|</span> <span class="pl-c1">Right</span> <span class="pl-en">hnp</span> <span class="pl-c1">-&gt;</span>
+                      <span class="pl-en">give_witness</span> <span class="pl-en">hnp</span><span class="pl-c1">;</span>
+                      <span class="pl-en">exists_intro</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">false</span><span class="pl-c1">;</span>
+                      <span class="pl-en">get_proof</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">b</span><span class="pl-c1">.</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">))))</span>
+  <span class="pl-k">in</span>
+  <span class="pl-en">aux</span> <span class="pl-en">p</span><span class="pl-c1">;</span>
+  <span class="pl-en">indefinite_description_ghost</span> <span class="pl-c1">bool</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-stronger_markovs_principle" class="anchor" href="#stronger_markovs_principle" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>stronger_markovs_principle</h4>
+<p>We also can combine this with a the classical tautology converting
+with a <code>forall</code> and an <code>exists</code> to extract a witness of validity of <code>p</code> from
+a classical proof that <code>p</code> is not universally invalid.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">stronger_markovs_principle</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">bool))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Ghost</span> <span class="pl-c1">nat</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(~(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat).</span> <span class="pl-c1">~(</span><span class="pl-en">p</span> <span class="pl-en">n</span><span class="pl-c1">))))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+    <span class="pl-en">indefinite_description_ghost</span> <span class="pl-c1">_</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">n</span><span class="pl-c1">==</span><span class="pl-c1">true</span><span class="pl-c1">)</span></pre></div>
+<p>Note, F*+SMT can easily prove, since it is just classical logic:
+<code>(~(forall n. ~(p n))) ==&gt; (exists n. p n) </code></p>
+<h4>
+<a id="user-content-stronger_markovs_principle_prop" class="anchor" href="#stronger_markovs_principle_prop" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>stronger_markovs_principle_prop</h4>
+<p>A variant of the previous lemma, but for a <code>prop</code> rather than a
+boolean predicate</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">stronger_markovs_principle_prop</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">prop</span><span class="pl-c1">))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Ghost</span> <span class="pl-c1">nat</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(~(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat).</span> <span class="pl-c1">~(</span><span class="pl-en">p</span> <span class="pl-en">n</span><span class="pl-c1">))))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+    <span class="pl-en">indefinite_description_ghost</span> <span class="pl-c1">_</span> <span class="pl-en">p</span></pre></div>
+<p>A proof for squash p can be eliminated to get p in the Ghost effect</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">elim_squash</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">uu</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">p</span> <span class="pl-c1">&amp;</span> <span class="pl-k">squash</span> <span class="pl-en">c_True</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-en">bind_squash</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">return_squash</span> <span class="pl-c1">(|</span> <span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">return_squash</span> <span class="pl-c1">T</span> <span class="pl-c1">|))</span> <span class="pl-k">in</span>
+  <span class="pl-en">give_proof</span> <span class="pl-c1">(</span><span class="pl-en">return_squash</span> <span class="pl-en">uu</span><span class="pl-c1">);</span>
+  <span class="pl-en">indefinite_description_ghost</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-en">c_True</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Int.Cast.Full.html b/docs/FStar.Int.Cast.Full.html
index 499863c..ef9402b 100644
--- a/docs/FStar.Int.Cast.Full.html
+++ b/docs/FStar.Int.Cast.Full.html
@@ -1,16 +1,32 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Int.Cast.Full</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.int.cast.full">module FStar.Int.Cast.Full</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarintcastfull" class="anchor" href="#fstarintcastfull" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Int.Cast.Full</h1>
+<ul>
+<li>
+<p>Includes module <a href="FStar.Int.Cast.html">FStar.Int.Cast</a></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.UInt64.html"> FStar.UInt64</a> as <code>U64  </code></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.UInt128.html"> FStar.UInt128</a> as <code>U128 </code></p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span>
+<span class="pl-k">val</span> <span class="pl-en">uint64_to_uint128</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U128.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U128.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">}</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-en">uint64_to_uint128</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-smi">U128.</span><span class="pl-en">uint64_to_uint128</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span>
+<span class="pl-k">val</span> <span class="pl-en">uint128_to_uint64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U128.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-smi">U128.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">}</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-en">uint128_to_uint64</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-smi">U128.</span><span class="pl-en">uint128_to_uint64</span> <span class="pl-en">a</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Int.Cast.html b/docs/FStar.Int.Cast.html
index a8f2ff3..4228bd7 100644
--- a/docs/FStar.Int.Cast.html
+++ b/docs/FStar.Int.Cast.html
@@ -1,16 +1,188 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Int.Cast</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.int.cast">module FStar.Int.Cast</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarintcast" class="anchor" href="#fstarintcast" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Int.Cast</h1>
+<ul>
+<li>Aliases module <a href="FStar.UInt8.html"> FStar.UInt8</a> as <code>U8  </code>
+</li>
+<li>Aliases module <a href="FStar.UInt16.html"> FStar.UInt16</a> as <code>U16 </code>
+</li>
+<li>Aliases module <a href="FStar.UInt32.html"> FStar.UInt32</a> as <code>U32 </code>
+</li>
+<li>Aliases module <a href="FStar.UInt64.html"> FStar.UInt64</a> as <code>U64 </code>
+</li>
+<li>Aliases module <a href="FStar.Int8.html"> FStar.Int8</a> as <code>I8  </code>
+</li>
+<li>Aliases module <a href="FStar.Int16.html"> FStar.Int16</a> as <code>I16 </code>
+</li>
+<li>Aliases module <a href="FStar.Int32.html"> FStar.Int32</a> as <code>I32 </code>
+</li>
+<li>Aliases module <a href="FStar.Int64.html"> FStar.Int64</a> as <code>I64 </code>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">op_At_Percent</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">op_At_Percent</span></pre></div>
+<blockquote>
+<p>Unsigned to unsigned</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint8_to_uint64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint8_to_uint64</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-smi">U64.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint8_to_uint32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint8_to_uint32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint8_to_uint16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint8_to_uint16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U16.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint16_to_uint64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint16_to_uint64</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U64.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint16_to_uint32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint16_to_uint32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint16_to_uint8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint16_to_uint8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint32_to_uint64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint32_to_uint64</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U64.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint32_to_uint16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint32_to_uint16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U16.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint32_to_uint8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint32_to_uint8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint64_to_uint32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint64_to_uint32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint64_to_uint16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint64_to_uint16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U16.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint64_to_uint8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint64_to_uint8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Signed to signed</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int8_to_int64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int8_to_int64</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I64.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int8_to_int32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int8_to_int32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I32.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int8_to_int16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int8_to_int16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I16.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int16_to_int64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int16_to_int64</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I64.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int16_to_int32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int16_to_int32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I32.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">int16_to_int8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">{</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">b</span>  <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">int16_to_int8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int32_to_int64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int32_to_int64</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I64.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">int32_to_int16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">int32_to_int16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I16.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">int32_to_int8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">{</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">b</span>  <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">int32_to_int8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">int64_to_int32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">int64_to_int32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I32.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">int64_to_int16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">int64_to_int16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I16.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">int64_to_int8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">{</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">b</span>  <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">int64_to_int8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Unsigned to signed</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint8_to_int64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint8_to_int64</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I64.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint8_to_int32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint8_to_int32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I32.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint8_to_int16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint8_to_int16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I16.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">uint8_to_int8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">{</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">b</span>  <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">uint8_to_int8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint16_to_int64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint16_to_int64</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I64.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint16_to_int32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint16_to_int32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I32.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">uint16_to_int16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">uint16_to_int16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I16.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">uint16_to_int8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">{</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">b</span>  <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">uint16_to_int8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint32_to_int64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">uint32_to_int64</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I64.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">uint32_to_int32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">uint32_to_int32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I32.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">uint32_to_int16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">uint32_to_int16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I16.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">uint32_to_int8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">{</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">b</span>  <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">uint32_to_int8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">uint64_to_int64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">uint64_to_int64</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I64.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">uint64_to_int32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">uint64_to_int32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I32.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">uint64_to_int16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">uint64_to_int16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I16.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">uint64_to_int8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">{</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">b</span>  <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)})</span>
+<span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>with care; in C the result is implementation-defined when not representable<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">uint64_to_int8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> @% <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Signed to unsigned</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int8_to_uint64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int8_to_uint64</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U64.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int8_to_uint32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int8_to_uint32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int8_to_uint16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int8_to_uint16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U16.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int8_to_uint8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I8.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span> <span class="pl-c1">{</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">b</span>  <span class="pl-c1">=</span> <span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int8_to_uint8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I8.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int16_to_uint64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int16_to_uint64</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U64.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int16_to_uint32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int16_to_uint32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int16_to_uint16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int16_to_uint16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U16.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int16_to_uint8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I16.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span> <span class="pl-c1">{</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">b</span>  <span class="pl-c1">=</span> <span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int16_to_uint8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I16.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int32_to_uint64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int32_to_uint64</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U64.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int32_to_uint32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int32_to_uint32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int32_to_uint16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int32_to_uint16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U16.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int32_to_uint8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span> <span class="pl-c1">{</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">b</span>  <span class="pl-c1">=</span> <span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int32_to_uint8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I32.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int64_to_uint64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int64_to_uint64</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U64.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int64_to_uint32</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int64_to_uint32</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int64_to_uint16</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U16.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U16.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int64_to_uint16</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U16.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">16</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int64_to_uint8</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">I64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U8.</span><span class="pl-en">t</span> <span class="pl-c1">{</span><span class="pl-smi">U8.</span><span class="pl-en">v</span> <span class="pl-en">b</span>  <span class="pl-c1">=</span> <span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">int64_to_uint8</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">U8.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">I64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> % <span class="pl-en">pow2</span> <span class="pl-c1">8</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Int.html b/docs/FStar.Int.html
index 9cd59d2..b03ef94 100644
--- a/docs/FStar.Int.html
+++ b/docs/FStar.Int.html
@@ -1,57 +1,349 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Int</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.int">module FStar.Int</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> shift_left:Unidentified product: [#n:pos] Unidentified product: [a:a:int_t n:{&lt;=(<span class="dv">0</span>, a)}] Unidentified product: [s:nat] (Tot (int_t n))</code></pre></div>
+<h1>
+<a id="user-content-fstarint" class="anchor" href="#fstarint" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Int</h1>
+<p>NOTE: anything that you fix/update here should be reflected in <code>FStar.UInt.fsti</code>, which is mostly</p>
+<ul>
+<li>
+<p>a copy-paste of this module.</p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Mul.html">FStar.Mul</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.BitVector.html">FStar.BitVector</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Math.Lemmas.html">FStar.Math.Lemmas</a></p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_values</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+   <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">0</span>  <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">1</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">1</span>  <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">2</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">8</span>  <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">256</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">16</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">65536</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">31</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">2147483648</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">32</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">4294967296</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">63</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">9223372036854775808</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">64</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">18446744073709551616</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<blockquote>
+<p>Specs</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">max_int</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span>
+<span class="pl-k">let</span> <span class="pl-en">min_int</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fits</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">min_int</span> <span class="pl-en">n</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">x</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">max_int</span> <span class="pl-en">n</span>
+<span class="pl-k">let</span> <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span> <span class="pl-en">b2t</span><span class="pl-c1">(</span><span class="pl-en">fits</span> <span class="pl-en">x</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<p>Machine integer type</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">:int{</span><span class="pl-en">size</span> <span class="pl-en">x</span> <span class="pl-en">n</span><span class="pl-c1">}</span></pre></div>
+<blockquote>
+<p>Multiplicative operator semantics, see C11 6.5.5</p>
+</blockquote>
+<p>Truncation towards zero division</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">op_Slash</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">b</span> &lt; <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">||</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt; <span class="pl-c1">0</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">b</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-k">then</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">abs</span> <span class="pl-en">a</span> / <span class="pl-en">abs</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-k">else</span> <span class="pl-en">abs</span> <span class="pl-en">a</span> / <span class="pl-en">abs</span> <span class="pl-en">b</span></pre></div>
+<p>Wrap-around modulo: wraps into [-p/2; p/2[</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">op_At_Percent</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:int{</span><span class="pl-en">p</span>&gt;<span class="pl-c1">0</span><span class="pl-c1">/\</span> <span class="pl-en">p</span>%<span class="pl-c1">2</span><span class="pl-c1">=</span><span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">m</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> % <span class="pl-en">p</span> <span class="pl-k">in</span> <span class="pl-k">if</span> <span class="pl-en">m</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">p</span>/<span class="pl-c1">2</span> <span class="pl-k">then</span> <span class="pl-en">m</span> <span class="pl-c1">-</span> <span class="pl-en">p</span> <span class="pl-k">else</span> <span class="pl-en">m</span></pre></div>
+<blockquote>
+<p>Constants</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">zero</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--initial_fuel 1 --max_fuel 1<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">pow2_n</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:nat{</span><span class="pl-en">p</span> &lt; <span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pow2_le_compat</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">2</span><span class="pl-c1">)</span> <span class="pl-en">p</span><span class="pl-c1">;</span> <span class="pl-en">pow2</span> <span class="pl-en">p</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">pow2_minus_one</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos{</span><span class="pl-c1">1</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:nat{</span><span class="pl-en">m</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pow2_le_compat</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">m</span><span class="pl-c1">;</span>
+  <span class="pl-en">pow2</span> <span class="pl-en">m</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">one</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos{</span><span class="pl-c1">1</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ones</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">-</span><span class="pl-c1">1</span></pre></div>
+<p>Increment and decrement</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">incr</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt; <span class="pl-en">max_int</span> <span class="pl-en">n</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">decr</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &gt; <span class="pl-en">min_int</span> <span class="pl-en">n</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">incr_underspec</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt; <span class="pl-en">max_int</span> <span class="pl-en">n</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">decr_underspec</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &gt; <span class="pl-en">min_int</span> <span class="pl-en">n</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">incr_mod</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> % <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">decr_mod</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> % <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">))</span></pre></div>
+<p>Addition primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">add</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_underspec</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--initial_fuel 1 --max_fuel 1<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">add_mod</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> @% <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<p>Subtraction primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">sub</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub_underspec</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">sub_mod</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> @% <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<p>Multiplication primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mul</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">a</span> * <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_underspec</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mul_mod</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> @% <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<p>Division primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">div</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div_underspec</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div_size</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">min_int</span> <span class="pl-en">n</span> &lt; <span class="pl-en">a</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-en">a</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">udiv</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">min_int</span> <span class="pl-en">n</span> &lt; <span class="pl-en">a</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">})</span>
+  <span class="pl-c1">=</span> <span class="pl-en">div_size</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-en">a</span> / <span class="pl-en">b</span></pre></div>
+<p>Modulo primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mod</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">((</span><span class="pl-en">a</span>/<span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Comparison operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span>
+<span class="pl-k">let</span> <span class="pl-en">gt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> &gt; <span class="pl-en">b</span>
+<span class="pl-k">let</span> <span class="pl-en">gte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">b</span>
+<span class="pl-k">let</span> <span class="pl-en">lt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> &lt; <span class="pl-en">b</span>
+<span class="pl-k">let</span> <span class="pl-en">lte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--initial_fuel 1 --max_fuel 1<span class="pl-pds">"</span></span></pre></div>
+<blockquote>
+<p>Casts</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">to_uint</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-smi">UInt.</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-k">then</span> <span class="pl-en">x</span> <span class="pl-k">else</span> <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">from_uint</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">UInt.</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">x</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">max_int</span> <span class="pl-en">n</span> <span class="pl-k">then</span> <span class="pl-en">x</span> <span class="pl-k">else</span> <span class="pl-en">x</span> <span class="pl-c1">-</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_uint_injective</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">from_uint</span> <span class="pl-c1">(</span><span class="pl-en">to_uint</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">to_uint</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">to_int_t</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> @% <span class="pl-en">pow2</span> <span class="pl-en">m</span></pre></div>
+<ul>
+<li>Opens module <a href="FStar.Seq.html">FStar.Seq</a>
+</li>
+</ul>
+<p>WARNING: Mind the big endian vs little endian definition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">to_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">num</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">UInt.</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">to_uint</span> <span class="pl-en">num</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">from_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">vec</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">UInt.</span><span class="pl-en">from_vec</span> <span class="pl-en">vec</span> <span class="pl-k">in</span>
+  <span class="pl-k">if</span> <span class="pl-en">max_int</span> <span class="pl-en">n</span> &lt; <span class="pl-en">x</span> <span class="pl-k">then</span> <span class="pl-en">x</span> <span class="pl-c1">-</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-k">else</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_vec_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_vec_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inverse_aux</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vec</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-en">vec</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-en">vec</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-en">vec</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inverse_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vec</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">equal</span> <span class="pl-en">vec</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-en">vec</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-en">vec</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inverse_num_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">num</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">num</span> <span class="pl-c1">=</span> <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">num</span><span class="pl-c1">))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">num</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">from_vec_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">equal</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">from_vec</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">from_vec</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">from_vec_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">from_vec</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">from_vec</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">equal</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Relations between constants in BitVector and in UInt.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero_to_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">zero_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero_from_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">zero_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">zero_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">one_to_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos{</span><span class="pl-c1">1</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">one</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">elem_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">one</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_to_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:nat{</span><span class="pl-en">p</span> &lt; <span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">pow2_n</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">p</span><span class="pl-c1">))</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">elem_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">p</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">pow2_n</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">p</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_from_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos{</span><span class="pl-en">p</span> &lt; <span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">elem_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">pow2_n</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">p</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">elem_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">p</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ones_to_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">ones_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ones_from_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">ones_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">ones_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">))]</span></pre></div>
+<p>(nth a i) returns a boolean indicating the i-th bit of a.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">nth</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">i</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">nth_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}).</span> <span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">nth</span> <span class="pl-en">b</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Lemmas for constants</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero_nth_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">one_nth_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos{</span><span class="pl-c1">1</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">one</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+             <span class="pl-c1">(</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">one</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span><span class="pl-c1">))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">one</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ones_nth_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<p>Bitwise operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">logand</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logand_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">logxor</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logxor_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">logor</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logor_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lognot</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)=</span>
+  <span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">lognot_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<p>Bitwise operators definitions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_definition</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-en">i</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">nth</span> <span class="pl-en">b</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_definition</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-en">i</span> &lt;&gt; <span class="pl-en">nth</span> <span class="pl-en">b</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor_definition</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-en">i</span> <span class="pl-c1">||</span> <span class="pl-en">nth</span> <span class="pl-en">b</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot_definition</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">not</span><span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<p>Two's complement unary minus</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">minus</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos{</span><span class="pl-c1">1</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">1</span></pre></div>
+<p>Bitwise operators lemmas</p>
+<p>TODO: lemmas about the relations between different operators</p>
+<p>Bitwise AND operator</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_commutative</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_associative</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_self</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sign_bit_negative</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos{</span><span class="pl-c1">1</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">a</span> &lt; <span class="pl-c1">0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sign_bit_positive</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos{</span><span class="pl-c1">1</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_pos_le</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos{</span><span class="pl-c1">1</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">logand</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span> <span class="pl-en">logand</span> <span class="pl-en">a</span> <span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">logand</span> <span class="pl-en">a</span> <span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_pow2_minus_one</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos{</span><span class="pl-c1">1</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:pos{</span><span class="pl-en">m</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">logand</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pow2_minus_one</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">logand</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pow2_minus_one</span> <span class="pl-en">m</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">pow2_minus_one</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">m</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_max</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos{</span><span class="pl-c1">1</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">logand</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">max_int</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">max_int</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<p>Bitwise XOR operator</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_commutative</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_associative</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_self</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">lognot</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_inv</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_neq_nonzero</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">a</span> &lt;&gt; <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">logxor</span> <span class="pl-en">a</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot_negative</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> &lt; <span class="pl-c1">0</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">lognot</span> <span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-smi">UInt.</span><span class="pl-en">lognot</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<p>Shift operators</p>
+<h4>
+<a id="user-content-shift_left" class="anchor" href="#shift_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_left</h4>
 <p>If a is negative the result is undefined behaviour</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> shift_right:Unidentified product: [#n:pos] Unidentified product: [a:a:int_t n:{&lt;=(<span class="dv">0</span>, a)}] Unidentified product: [s:nat] (Tot (int_t n))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_left</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">shift_left_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-shift_right" class="anchor" href="#shift_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_right</h4>
 <p>If a is negative the result is implementation defined</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_right</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">shift_right_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">shift_arithmetic_right_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<p>Shift operators lemmas</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">nth</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left_value_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-en">s</span><span class="pl-c1">)</span> @% <span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &lt; <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">nth</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_arithmetic_right_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &lt; <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-c1">0</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_arithmetic_right_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">nth</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Int128.html b/docs/FStar.Int128.html
index 34ee9b4..662453b 100644
--- a/docs/FStar.Int128.html
+++ b/docs/FStar.Int128.html
@@ -1,57 +1,154 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Int128</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.int128">module FStar.Int128</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((shift_right (a:t) (s:UInt32<span class="kw">.</span>t)):(Pure t ((requires (/\(&lt;=(<span class="dv">0</span>, v a), &lt;(UInt32<span class="kw">.</span>v s, n))))) ((ensures ((<span class="kw">fun</span> c -&gt; =(FStar<span class="kw">.</span>Int<span class="kw">.</span>shift_right (v a) (UInt32<span class="kw">.</span>v s), v c))))))):(Mk (shift_right (v a) (UInt32<span class="kw">.</span>v s)))</code></pre></div>
+<h1>
+<a id="user-content-fstarint128" class="anchor" href="#fstarint128" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Int128</h1>
+<h2>
+<a id="user-content-this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" class="anchor" href="#this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>THIS MODULE IS GENETATED AUTOMATICALLY USING <code>mk_int.sh</code>, DO NOT EDIT DIRECTLY ***</h2>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">128</span></pre></div>
+<ul>
+<li>Opens module <a href="FStar.Int.html">FStar.Int</a>
+</li>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--max_fuel 0 --max_ifuel 0</span>"</pre></div>
+<p>NOTE: anything that you fix/update here should be reflected in <code>FStar.UIntN.fstp</code>, which is mostly</p>
+<ul>
+<li>a copy-paste of this module.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">eqtype</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int_to_t</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uv_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">vu_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v_inj</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-en">x2</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">x2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">x2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">one</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Subtraction primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Multiplication primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Division primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span></pre></div>
+<p>division overflows on INT_MIN / -1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+<span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Modulo primitives</p>
+<p>If a/b is not representable the result of a%b is undefind</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rem</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Bitwise operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logand</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logxor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<p>Shift operators</p>
+<h4>
+<a id="user-content-shift_right" class="anchor" href="#shift_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_right</h4>
 <p>If a is negative the result is implementation-defined</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((shift_left (a:t) (s:UInt32<span class="kw">.</span>t)):(Pure t ((requires (/\(/\(&lt;=(<span class="dv">0</span>, v a), &lt;=<span class="co">(*(v a, pow2 (UInt32.v s)), max_int n)), &lt;(UInt32.v s, n))))) ((ensures ((fun c -&gt; =(FStar.Int.shift_left (v a) (UInt32.v s), v c))))))):(Mk (shift_left (v a) (UInt32.v s)))</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-shift_left" class="anchor" href="#shift_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_left</h4>
 <p>If a is negative or a * pow2 s is not representable the result is undefined</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">max_int</span> <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Comparison operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">gte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Infix notations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Slash_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">div</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">rem</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Hat_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Amp_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Bar_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_left</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_arithmetic_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">ct_abs</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">min_int</span> <span class="pl-en">n</span> &lt; <span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">abs</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">mask</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> &gt;&gt;&gt;<span class="pl-c1">^</span> <span class="pl-smi">UInt32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">if</span> <span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">sign_bit_positive</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">nth_lemma</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Int.</span><span class="pl-en">zero</span> <span class="pl-c1">_</span><span class="pl-c1">);</span>
+    <span class="pl-en">logxor_lemma_1</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span>
+  <span class="pl-k">else</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">sign_bit_negative</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">nth_lemma</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-c1">_</span><span class="pl-c1">);</span>
+    <span class="pl-en">logxor_lemma_2</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">lognot_negative</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-smi">UInt.</span><span class="pl-en">lemma_lognot_value</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_uint</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+    <span class="pl-k">end</span><span class="pl-c1">;</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">^^</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">-^</span> <span class="pl-en">mask</span></pre></div>
+<p>To input / output constants</p>
+<p>.. in decimal representation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">of_string</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--lax</span>"</pre></div>
+<p>This private primitive is used internally by the
+compiler to translate bounded integer constants
+with a desugaring-time check of the size of the number,
+rather than an expensive verification check.
+Since it is marked private, client programs cannot call it directly
+Since it is marked unfold, it eagerly reduces,
+eliminating the verification overhead of the wrapper</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">__int_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span>
+    <span class="pl-c1">=</span> <span class="pl-en">int_to_t</span> <span class="pl-en">x</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_wide</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">Int64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">Int64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-smi">Int64.</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-smi">Int64.</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Int16.html b/docs/FStar.Int16.html
index 6cfd1ec..47356e3 100644
--- a/docs/FStar.Int16.html
+++ b/docs/FStar.Int16.html
@@ -1,57 +1,151 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Int16</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.int16">module FStar.Int16</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((shift_right (a:t) (s:UInt32<span class="kw">.</span>t)):(Pure t ((requires (/\(&lt;=(<span class="dv">0</span>, v a), &lt;(UInt32<span class="kw">.</span>v s, n))))) ((ensures ((<span class="kw">fun</span> c -&gt; =(FStar<span class="kw">.</span>Int<span class="kw">.</span>shift_right (v a) (UInt32<span class="kw">.</span>v s), v c))))))):(Mk (shift_right (v a) (UInt32<span class="kw">.</span>v s)))</code></pre></div>
+<h1>
+<a id="user-content-fstarint16" class="anchor" href="#fstarint16" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Int16</h1>
+<h2>
+<a id="user-content-this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" class="anchor" href="#this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>THIS MODULE IS GENETATED AUTOMATICALLY USING <code>mk_int.sh</code>, DO NOT EDIT DIRECTLY ***</h2>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">16</span></pre></div>
+<ul>
+<li>Opens module <a href="FStar.Int.html">FStar.Int</a>
+</li>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--max_fuel 0 --max_ifuel 0</span>"</pre></div>
+<p>NOTE: anything that you fix/update here should be reflected in <code>FStar.UIntN.fstp</code>, which is mostly</p>
+<ul>
+<li>a copy-paste of this module.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">eqtype</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int_to_t</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uv_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">vu_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v_inj</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-en">x2</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">x2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">x2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">one</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Subtraction primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Multiplication primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Division primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span></pre></div>
+<p>division overflows on INT_MIN / -1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+<span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Modulo primitives</p>
+<p>If a/b is not representable the result of a%b is undefind</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rem</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Bitwise operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logand</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logxor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<p>Shift operators</p>
+<h4>
+<a id="user-content-shift_right" class="anchor" href="#shift_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_right</h4>
 <p>If a is negative the result is implementation-defined</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((shift_left (a:t) (s:UInt32<span class="kw">.</span>t)):(Pure t ((requires (/\(/\(&lt;=(<span class="dv">0</span>, v a), &lt;=<span class="co">(*(v a, pow2 (UInt32.v s)), max_int n)), &lt;(UInt32.v s, n))))) ((ensures ((fun c -&gt; =(FStar.Int.shift_left (v a) (UInt32.v s), v c))))))):(Mk (shift_left (v a) (UInt32.v s)))</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-shift_left" class="anchor" href="#shift_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_left</h4>
 <p>If a is negative or a * pow2 s is not representable the result is undefined</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">max_int</span> <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Comparison operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">gte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Infix notations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Slash_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">div</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">rem</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Hat_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Amp_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Bar_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_left</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_arithmetic_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">ct_abs</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">min_int</span> <span class="pl-en">n</span> &lt; <span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">abs</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">mask</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> &gt;&gt;&gt;<span class="pl-c1">^</span> <span class="pl-smi">UInt32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">if</span> <span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">sign_bit_positive</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">nth_lemma</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Int.</span><span class="pl-en">zero</span> <span class="pl-c1">_</span><span class="pl-c1">);</span>
+    <span class="pl-en">logxor_lemma_1</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span>
+  <span class="pl-k">else</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">sign_bit_negative</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">nth_lemma</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-c1">_</span><span class="pl-c1">);</span>
+    <span class="pl-en">logxor_lemma_2</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">lognot_negative</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-smi">UInt.</span><span class="pl-en">lemma_lognot_value</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_uint</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+    <span class="pl-k">end</span><span class="pl-c1">;</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">^^</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">-^</span> <span class="pl-en">mask</span></pre></div>
+<p>To input / output constants</p>
+<p>.. in decimal representation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">of_string</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--lax</span>"</pre></div>
+<p>This private primitive is used internally by the
+compiler to translate bounded integer constants
+with a desugaring-time check of the size of the number,
+rather than an expensive verification check.
+Since it is marked private, client programs cannot call it directly
+Since it is marked unfold, it eagerly reduces,
+eliminating the verification overhead of the wrapper</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">__int_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span>
+    <span class="pl-c1">=</span> <span class="pl-en">int_to_t</span> <span class="pl-en">x</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Int32.html b/docs/FStar.Int32.html
index 91252d5..8b0dedc 100644
--- a/docs/FStar.Int32.html
+++ b/docs/FStar.Int32.html
@@ -1,57 +1,151 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Int32</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.int32">module FStar.Int32</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((shift_right (a:t) (s:UInt32<span class="kw">.</span>t)):(Pure t ((requires (/\(&lt;=(<span class="dv">0</span>, v a), &lt;(UInt32<span class="kw">.</span>v s, n))))) ((ensures ((<span class="kw">fun</span> c -&gt; =(FStar<span class="kw">.</span>Int<span class="kw">.</span>shift_right (v a) (UInt32<span class="kw">.</span>v s), v c))))))):(Mk (shift_right (v a) (UInt32<span class="kw">.</span>v s)))</code></pre></div>
+<h1>
+<a id="user-content-fstarint32" class="anchor" href="#fstarint32" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Int32</h1>
+<h2>
+<a id="user-content-this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" class="anchor" href="#this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>THIS MODULE IS GENETATED AUTOMATICALLY USING <code>mk_int.sh</code>, DO NOT EDIT DIRECTLY ***</h2>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">32</span></pre></div>
+<ul>
+<li>Opens module <a href="FStar.Int.html">FStar.Int</a>
+</li>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--max_fuel 0 --max_ifuel 0</span>"</pre></div>
+<p>NOTE: anything that you fix/update here should be reflected in <code>FStar.UIntN.fstp</code>, which is mostly</p>
+<ul>
+<li>a copy-paste of this module.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">eqtype</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int_to_t</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uv_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">vu_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v_inj</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-en">x2</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">x2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">x2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">one</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Subtraction primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Multiplication primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Division primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span></pre></div>
+<p>division overflows on INT_MIN / -1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+<span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Modulo primitives</p>
+<p>If a/b is not representable the result of a%b is undefind</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rem</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Bitwise operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logand</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logxor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<p>Shift operators</p>
+<h4>
+<a id="user-content-shift_right" class="anchor" href="#shift_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_right</h4>
 <p>If a is negative the result is implementation-defined</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((shift_left (a:t) (s:UInt32<span class="kw">.</span>t)):(Pure t ((requires (/\(/\(&lt;=(<span class="dv">0</span>, v a), &lt;=<span class="co">(*(v a, pow2 (UInt32.v s)), max_int n)), &lt;(UInt32.v s, n))))) ((ensures ((fun c -&gt; =(FStar.Int.shift_left (v a) (UInt32.v s), v c))))))):(Mk (shift_left (v a) (UInt32.v s)))</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-shift_left" class="anchor" href="#shift_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_left</h4>
 <p>If a is negative or a * pow2 s is not representable the result is undefined</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">max_int</span> <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Comparison operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">gte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Infix notations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Slash_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">div</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">rem</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Hat_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Amp_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Bar_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_left</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_arithmetic_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">ct_abs</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">min_int</span> <span class="pl-en">n</span> &lt; <span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">abs</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">mask</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> &gt;&gt;&gt;<span class="pl-c1">^</span> <span class="pl-smi">UInt32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">if</span> <span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">sign_bit_positive</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">nth_lemma</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Int.</span><span class="pl-en">zero</span> <span class="pl-c1">_</span><span class="pl-c1">);</span>
+    <span class="pl-en">logxor_lemma_1</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span>
+  <span class="pl-k">else</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">sign_bit_negative</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">nth_lemma</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-c1">_</span><span class="pl-c1">);</span>
+    <span class="pl-en">logxor_lemma_2</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">lognot_negative</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-smi">UInt.</span><span class="pl-en">lemma_lognot_value</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_uint</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+    <span class="pl-k">end</span><span class="pl-c1">;</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">^^</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">-^</span> <span class="pl-en">mask</span></pre></div>
+<p>To input / output constants</p>
+<p>.. in decimal representation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">of_string</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--lax</span>"</pre></div>
+<p>This private primitive is used internally by the
+compiler to translate bounded integer constants
+with a desugaring-time check of the size of the number,
+rather than an expensive verification check.
+Since it is marked private, client programs cannot call it directly
+Since it is marked unfold, it eagerly reduces,
+eliminating the verification overhead of the wrapper</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">__int_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span>
+    <span class="pl-c1">=</span> <span class="pl-en">int_to_t</span> <span class="pl-en">x</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Int64.html b/docs/FStar.Int64.html
index 156bfab..ae29068 100644
--- a/docs/FStar.Int64.html
+++ b/docs/FStar.Int64.html
@@ -1,57 +1,151 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Int64</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.int64">module FStar.Int64</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((shift_right (a:t) (s:UInt32<span class="kw">.</span>t)):(Pure t ((requires (/\(&lt;=(<span class="dv">0</span>, v a), &lt;(UInt32<span class="kw">.</span>v s, n))))) ((ensures ((<span class="kw">fun</span> c -&gt; =(FStar<span class="kw">.</span>Int<span class="kw">.</span>shift_right (v a) (UInt32<span class="kw">.</span>v s), v c))))))):(Mk (shift_right (v a) (UInt32<span class="kw">.</span>v s)))</code></pre></div>
+<h1>
+<a id="user-content-fstarint64" class="anchor" href="#fstarint64" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Int64</h1>
+<h2>
+<a id="user-content-this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" class="anchor" href="#this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>THIS MODULE IS GENETATED AUTOMATICALLY USING <code>mk_int.sh</code>, DO NOT EDIT DIRECTLY ***</h2>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">64</span></pre></div>
+<ul>
+<li>Opens module <a href="FStar.Int.html">FStar.Int</a>
+</li>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--max_fuel 0 --max_ifuel 0</span>"</pre></div>
+<p>NOTE: anything that you fix/update here should be reflected in <code>FStar.UIntN.fstp</code>, which is mostly</p>
+<ul>
+<li>a copy-paste of this module.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">eqtype</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int_to_t</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uv_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">vu_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v_inj</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-en">x2</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">x2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">x2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">one</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Subtraction primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Multiplication primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Division primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span></pre></div>
+<p>division overflows on INT_MIN / -1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+<span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Modulo primitives</p>
+<p>If a/b is not representable the result of a%b is undefind</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rem</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Bitwise operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logand</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logxor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<p>Shift operators</p>
+<h4>
+<a id="user-content-shift_right" class="anchor" href="#shift_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_right</h4>
 <p>If a is negative the result is implementation-defined</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((shift_left (a:t) (s:UInt32<span class="kw">.</span>t)):(Pure t ((requires (/\(/\(&lt;=(<span class="dv">0</span>, v a), &lt;=<span class="co">(*(v a, pow2 (UInt32.v s)), max_int n)), &lt;(UInt32.v s, n))))) ((ensures ((fun c -&gt; =(FStar.Int.shift_left (v a) (UInt32.v s), v c))))))):(Mk (shift_left (v a) (UInt32.v s)))</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-shift_left" class="anchor" href="#shift_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_left</h4>
 <p>If a is negative or a * pow2 s is not representable the result is undefined</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">max_int</span> <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Comparison operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">gte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Infix notations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Slash_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">div</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">rem</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Hat_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Amp_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Bar_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_left</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_arithmetic_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">ct_abs</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">min_int</span> <span class="pl-en">n</span> &lt; <span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">abs</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">mask</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> &gt;&gt;&gt;<span class="pl-c1">^</span> <span class="pl-smi">UInt32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">if</span> <span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">sign_bit_positive</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">nth_lemma</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Int.</span><span class="pl-en">zero</span> <span class="pl-c1">_</span><span class="pl-c1">);</span>
+    <span class="pl-en">logxor_lemma_1</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span>
+  <span class="pl-k">else</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">sign_bit_negative</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">nth_lemma</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-c1">_</span><span class="pl-c1">);</span>
+    <span class="pl-en">logxor_lemma_2</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">lognot_negative</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-smi">UInt.</span><span class="pl-en">lemma_lognot_value</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_uint</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+    <span class="pl-k">end</span><span class="pl-c1">;</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">^^</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">-^</span> <span class="pl-en">mask</span></pre></div>
+<p>To input / output constants</p>
+<p>.. in decimal representation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">of_string</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--lax</span>"</pre></div>
+<p>This private primitive is used internally by the
+compiler to translate bounded integer constants
+with a desugaring-time check of the size of the number,
+rather than an expensive verification check.
+Since it is marked private, client programs cannot call it directly
+Since it is marked unfold, it eagerly reduces,
+eliminating the verification overhead of the wrapper</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">__int_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span>
+    <span class="pl-c1">=</span> <span class="pl-en">int_to_t</span> <span class="pl-en">x</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Int8.html b/docs/FStar.Int8.html
index c240379..31a6be1 100644
--- a/docs/FStar.Int8.html
+++ b/docs/FStar.Int8.html
@@ -1,57 +1,151 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Int8</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.int8">module FStar.Int8</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((shift_right (a:t) (s:UInt32<span class="kw">.</span>t)):(Pure t ((requires (/\(&lt;=(<span class="dv">0</span>, v a), &lt;(UInt32<span class="kw">.</span>v s, n))))) ((ensures ((<span class="kw">fun</span> c -&gt; =(FStar<span class="kw">.</span>Int<span class="kw">.</span>shift_right (v a) (UInt32<span class="kw">.</span>v s), v c))))))):(Mk (shift_right (v a) (UInt32<span class="kw">.</span>v s)))</code></pre></div>
+<h1>
+<a id="user-content-fstarint8" class="anchor" href="#fstarint8" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Int8</h1>
+<h2>
+<a id="user-content-this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" class="anchor" href="#this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>THIS MODULE IS GENETATED AUTOMATICALLY USING <code>mk_int.sh</code>, DO NOT EDIT DIRECTLY ***</h2>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">8</span></pre></div>
+<ul>
+<li>Opens module <a href="FStar.Int.html">FStar.Int</a>
+</li>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--max_fuel 0 --max_ifuel 0</span>"</pre></div>
+<p>NOTE: anything that you fix/update here should be reflected in <code>FStar.UIntN.fstp</code>, which is mostly</p>
+<ul>
+<li>a copy-paste of this module.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">eqtype</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int_to_t</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uv_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">vu_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">int_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v_inj</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-en">x2</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">x2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">x2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">one</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Subtraction primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Multiplication primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Division primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span></pre></div>
+<p>division overflows on INT_MIN / -1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+<span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Modulo primitives</p>
+<p>If a/b is not representable the result of a%b is undefind</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rem</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Bitwise operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logand</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logxor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<p>Shift operators</p>
+<h4>
+<a id="user-content-shift_right" class="anchor" href="#shift_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_right</h4>
 <p>If a is negative the result is implementation-defined</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((shift_left (a:t) (s:UInt32<span class="kw">.</span>t)):(Pure t ((requires (/\(/\(&lt;=(<span class="dv">0</span>, v a), &lt;=<span class="co">(*(v a, pow2 (UInt32.v s)), max_int n)), &lt;(UInt32.v s, n))))) ((ensures ((fun c -&gt; =(FStar.Int.shift_left (v a) (UInt32.v s), v c))))))):(Mk (shift_left (v a) (UInt32.v s)))</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-shift_left" class="anchor" href="#shift_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_left</h4>
 <p>If a is negative or a * pow2 s is not representable the result is undefined</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">max_int</span> <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">shift_arithmetic_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Comparison operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">gte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Infix notations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Slash_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">div</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">rem</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Hat_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Amp_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Bar_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_left</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_arithmetic_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">ct_abs</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">min_int</span> <span class="pl-en">n</span> &lt; <span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">abs</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">mask</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> &gt;&gt;&gt;<span class="pl-c1">^</span> <span class="pl-smi">UInt32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">if</span> <span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">sign_bit_positive</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">nth_lemma</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Int.</span><span class="pl-en">zero</span> <span class="pl-c1">_</span><span class="pl-c1">);</span>
+    <span class="pl-en">logxor_lemma_1</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span>
+  <span class="pl-k">else</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">sign_bit_negative</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">nth_lemma</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-c1">_</span><span class="pl-c1">);</span>
+    <span class="pl-en">logxor_lemma_2</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">lognot_negative</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-smi">UInt.</span><span class="pl-en">lemma_lognot_value</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_uint</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+    <span class="pl-k">end</span><span class="pl-c1">;</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">^^</span> <span class="pl-en">mask</span><span class="pl-c1">)</span> <span class="pl-c1">-^</span> <span class="pl-en">mask</span></pre></div>
+<p>To input / output constants</p>
+<p>.. in decimal representation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">of_string</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--lax</span>"</pre></div>
+<p>This private primitive is used internally by the
+compiler to translate bounded integer constants
+with a desugaring-time check of the size of the number,
+rather than an expensive verification check.
+Since it is marked private, client programs cannot call it directly
+Since it is marked unfold, it eagerly reduces,
+eliminating the verification overhead of the wrapper</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">__int_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span>
+    <span class="pl-c1">=</span> <span class="pl-en">int_to_t</span> <span class="pl-en">x</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Integers.html b/docs/FStar.Integers.html
index 3d9d2a4..1a1659a 100644
--- a/docs/FStar.Integers.html
+++ b/docs/FStar.Integers.html
@@ -1,16 +1,536 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Integers</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.integers">module FStar.Integers</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarintegers" class="anchor" href="#fstarintegers" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Integers</h1>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--initial_ifuel 2 --max_ifuel 2 --initial_fuel 0 --max_fuel 0</span>"</pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">irreducible</span>
+<span class="pl-k">let</span> <span class="pl-en">mark_for_norm</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">norm</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">iota</span><span class="pl-c1">;</span> <span class="pl-en">delta_attr</span> <span class="pl-c1">[`</span>%<span class="pl-en">mark_for_norm</span><span class="pl-c1">]]</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">width</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">W8</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">W16</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">W32</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">W64</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">W128</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Winfinite</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">nat_of_width</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">W8</span>   <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">8</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">W16</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">16</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">W32</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">32</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">W64</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">64</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">128</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fixed_width</span> <span class="pl-c1">=</span> <span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">width</span><span class="pl-c1">{</span><span class="pl-en">w</span> &lt;&gt; <span class="pl-c1">Winfinite</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">nat_of_fixed_width</span> <span class="pl-c1">(</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">fixed_width</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">nat_of_width</span> <span class="pl-en">w</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">v</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">signed_width</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-en">of</span> <span class="pl-en">width</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-en">of</span> <span class="pl-en">fixed_width</span> <span class="pl-c">//We don't support (Unsigned WInfinite); use nat instead</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">width_of_sw</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-en">w</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">w</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-en">w</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">w</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">int_t</span> <span class="pl-en">sw</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-en">within_bounds'</span> <span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">sw</span><span class="pl-c1">,</span> <span class="pl-en">nat_of_width</span> <span class="pl-c1">(</span><span class="pl-en">width_of_sw</span> <span class="pl-en">sw</span><span class="pl-c1">)</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">_</span><span class="pl-c1">,</span>   <span class="pl-c1">None</span>   <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">_</span><span class="pl-c1">,</span>   <span class="pl-c1">Some</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-en">size</span> <span class="pl-en">x</span> <span class="pl-en">n</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Some</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">size</span> <span class="pl-en">x</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">norm</span> <span class="pl-c1">(</span><span class="pl-en">within_bounds'</span> <span class="pl-en">sw</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-en">v</span> <span class="pl-c1">#</span><span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span><span class="pl-c1">){</span><span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-en">y</span><span class="pl-c1">})</span>
+  <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-en">w</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">w</span> <span class="pl-k">with</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-en">v</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-en">v</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-en">v</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-en">v</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-en">w</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">w</span> <span class="pl-k">with</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-en">v</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-en">v</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-en">v</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-en">v</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-en">u</span>    <span class="pl-c1">#</span><span class="pl-en">sw</span>
+        <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span><span class="pl-c1">){</span><span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-en">x</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">{</span><span class="pl-en">norm</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-en">w</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">w</span> <span class="pl-k">with</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-en">uint_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-en">w</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">w</span> <span class="pl-k">with</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-en">int_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">irreducible</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-en">cast</span> <span class="pl-c1">#</span><span class="pl-en">sw</span> <span class="pl-c1">#</span><span class="pl-en">sw'</span>
+         <span class="pl-c1">(</span><span class="pl-en">from</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">{</span><span class="pl-en">within_bounds</span> <span class="pl-en">sw'</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">from</span><span class="pl-c1">)})</span>
+   <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">to</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw'</span><span class="pl-c1">{</span><span class="pl-en">norm</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">from</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">to</span><span class="pl-c1">)})</span>
+   <span class="pl-c1">=</span> <span class="pl-en">u</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">from</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-en">cast_ok</span> <span class="pl-c1">#</span><span class="pl-en">from</span> <span class="pl-en">to</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">from</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">within_bounds</span> <span class="pl-en">to</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> <span class="pl-c1">+</span> <span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">sw</span>
+          <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">{</span><span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span>   <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span>   <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span>  <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span>  <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span>  <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span>   <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span>  <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span>  <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span>  <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> <span class="pl-c1">+?</span> <span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">fixed_width</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Unsigned</span> <span class="pl-en">w</span><span class="pl-c1">))</span>
+           <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Unsigned</span> <span class="pl-en">w</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span>    <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Unsigned</span> <span class="pl-en">w</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">w</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-en">modulo</span> <span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:pos{</span><span class="pl-c1">Signed</span><span class="pl-c1">?</span> <span class="pl-en">sw</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">y</span>%<span class="pl-c1">2</span><span class="pl-c1">=</span><span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>  <span class="pl-en">x</span> % <span class="pl-en">y</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int.</span><span class="pl-c1">(</span><span class="pl-en">x</span> @% <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> <span class="pl-c1">+</span>% <span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">sw</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">{</span><span class="pl-c1">Unsigned</span><span class="pl-c1">?</span> <span class="pl-en">sw</span><span class="pl-c1">})</span>
+           <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span>    <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-c1">Unsigned</span> <span class="pl-en">w</span> <span class="pl-c1">=</span> <span class="pl-en">sw</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">w</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+</span>%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+</span>%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+</span>%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+</span>%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+</span>%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Subtraction</span> <span class="pl-c1">#</span><span class="pl-en">sw</span>
+                   <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+                   <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">{</span><span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">)})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span>          <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> <span class="pl-c1">-</span> <span class="pl-en">y</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Question</span>
+        <span class="pl-c1">(#</span><span class="pl-en">sw</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">{</span><span class="pl-c1">Unsigned</span><span class="pl-c1">?</span> <span class="pl-en">sw</span><span class="pl-c1">})</span>
+        <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-c1">Unsigned</span> <span class="pl-en">w</span> <span class="pl-c1">=</span> <span class="pl-en">sw</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">w</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Percent</span>
+         <span class="pl-c1">(#</span><span class="pl-en">sw</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">{</span><span class="pl-c1">Unsigned</span><span class="pl-c1">?</span> <span class="pl-en">sw</span><span class="pl-c1">})</span>
+         <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span>  <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-c1">Unsigned</span> <span class="pl-en">w</span> <span class="pl-c1">=</span> <span class="pl-en">sw</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">w</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-</span>%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-</span>%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-</span>%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-</span>%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-</span>%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Minus</span>
+         <span class="pl-c1">(#</span><span class="pl-en">sw</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">{</span><span class="pl-c1">Signed</span><span class="pl-c1">?</span> <span class="pl-en">sw</span><span class="pl-c1">})</span>
+         <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">{</span><span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span>  <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-c1">Signed</span> <span class="pl-en">w</span> <span class="pl-c1">=</span> <span class="pl-en">sw</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">w</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">0</span> <span class="pl-c1">-</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-c1">0y</span> <span class="pl-c1">-^</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-c1">0s</span> <span class="pl-c1">-^</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-c1">0l</span> <span class="pl-c1">-^</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-c1">0L</span> <span class="pl-c1">-^</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">int_to_t</span> <span class="pl-c1">0</span> <span class="pl-c1">-^</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<ul>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> * <span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">sw</span><span class="pl-c1">:</span><span class="pl-en">signed_width</span><span class="pl-c1">{</span><span class="pl-en">width_of_sw</span> <span class="pl-en">sw</span> &lt;&gt; <span class="pl-c1">W128</span><span class="pl-c1">})</span>
+          <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">{</span><span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span> * <span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span>   <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> * <span class="pl-en">y</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> *<span class="pl-c1">?</span> <span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">sw</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">{</span><span class="pl-c1">Unsigned</span><span class="pl-c1">?</span> <span class="pl-en">sw</span> <span class="pl-c1">/\</span> <span class="pl-en">width_of_sw</span> <span class="pl-en">sw</span> &lt;&gt; <span class="pl-c1">W128</span><span class="pl-c1">})</span>
+           <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span>    <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-c1">Unsigned</span> <span class="pl-en">w</span> <span class="pl-c1">=</span> <span class="pl-en">sw</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">w</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">?^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> *% <span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">sw</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">{</span><span class="pl-c1">Unsigned</span><span class="pl-c1">?</span> <span class="pl-en">sw</span> <span class="pl-c1">/\</span> <span class="pl-en">width_of_sw</span> <span class="pl-en">sw</span> &lt;&gt; <span class="pl-c1">W128</span><span class="pl-c1">})</span>
+           <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span>    <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-c1">Unsigned</span> <span class="pl-en">w</span> <span class="pl-c1">=</span> <span class="pl-en">sw</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">w</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> *%<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> &gt; <span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> &gt; <span class="pl-en">y</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">y</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> &lt; <span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> &lt; <span class="pl-en">y</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">y</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">=^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> / <span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">sw</span><span class="pl-c1">:</span><span class="pl-en">signed_width</span><span class="pl-c1">{</span><span class="pl-en">sw</span> &lt;&gt; <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span><span class="pl-c1">})</span>
+          <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;&gt; <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">&lt;:</span> <span class="pl-smi">Prims.</span><span class="pl-c1">int)</span> <span class="pl-c1">/\</span>
+                      <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+                       <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span> / <span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+                       <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-smi">FStar.Int.</span><span class="pl-en">op_Slash</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">))})</span>
+   <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+   <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> / <span class="pl-en">y</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> /<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> /<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> /<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> /<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> /<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> /<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> /<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> /<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> /<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> % <span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">sw</span><span class="pl-c1">:</span><span class="pl-en">signed_width</span><span class="pl-c1">{</span><span class="pl-en">sw</span> &lt;&gt; <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span><span class="pl-c1">})</span>
+          <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;&gt; <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">&lt;:</span> <span class="pl-smi">Prims.</span><span class="pl-c1">int)</span> <span class="pl-c1">/\</span>
+                      <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+                       <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.UInt.</span><span class="pl-en">mod</span> <span class="pl-c1">#(</span><span class="pl-en">nat_of_fixed_width</span> <span class="pl-c1">(</span><span class="pl-en">width_of_sw</span> <span class="pl-en">sw</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+                       <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span>
+                       <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Int.</span><span class="pl-en">mod</span> <span class="pl-c1">#(</span><span class="pl-en">nat_of_fixed_width</span> <span class="pl-c1">(</span><span class="pl-en">width_of_sw</span> <span class="pl-en">sw</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">)))</span> <span class="pl-c1">/\</span>
+                       <span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Int.</span><span class="pl-en">op_Slash</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">))})</span>
+   <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+   <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> % <span class="pl-en">y</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> %<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> %<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> %<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> %<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> %<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> %<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> %<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> %<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> %<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> <span class="pl-c1">^^</span> <span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">{</span><span class="pl-en">width_of_sw</span> <span class="pl-en">sw</span> &lt;&gt; <span class="pl-c1">Winfinite</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+    <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">^^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">^^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">^^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">^^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">^^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">^^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">^^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">^^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">^^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">^^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> <span class="pl-c1">&amp;^</span> <span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">{</span><span class="pl-en">width_of_sw</span> <span class="pl-en">sw</span> &lt;&gt; <span class="pl-c1">Winfinite</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+    <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">&amp;^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">&amp;^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">&amp;^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">&amp;^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">&amp;^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">&amp;^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">&amp;^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">&amp;^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">&amp;^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">&amp;^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> <span class="pl-c1">|^</span> <span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">{</span><span class="pl-en">width_of_sw</span> <span class="pl-en">sw</span> &lt;&gt; <span class="pl-c1">Winfinite</span><span class="pl-c1">})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+    <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">|^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">|^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">|^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">|^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">|^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">|^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">|^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">|^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">|^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">|^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> &lt;&lt;<span class="pl-c1">^</span> <span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">})</span>
+                <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span><span class="pl-c1">){</span><span class="pl-en">width_of_sw</span> <span class="pl-en">sw</span> &lt;&gt; <span class="pl-c1">Winfinite</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">y</span> &lt; <span class="pl-en">nat_of_fixed_width</span> <span class="pl-c1">(</span><span class="pl-en">width_of_sw</span> <span class="pl-en">sw</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-c1">Signed</span><span class="pl-c1">?</span> <span class="pl-en">sw</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">)))})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+    <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&lt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">;</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span> &gt;&gt;<span class="pl-c1">^</span> <span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">{</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">})</span>
+                <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span><span class="pl-c1">){</span><span class="pl-en">width_of_sw</span> <span class="pl-en">sw</span> &lt;&gt; <span class="pl-c1">Winfinite</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">y</span> &lt; <span class="pl-en">nat_of_fixed_width</span> <span class="pl-c1">(</span><span class="pl-en">width_of_sw</span> <span class="pl-en">sw</span><span class="pl-c1">)})</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+    <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">sw</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;&gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;&gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;&gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;&gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Unsigned</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;&gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W8</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;&gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W16</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;&gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W32</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;&gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W64</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;&gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Signed</span> <span class="pl-c1">W128</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int128.</span><span class="pl-c1">(</span><span class="pl-en">x</span> &gt;&gt;<span class="pl-c1">^</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">uint_8</span>   <span class="pl-c1">=</span> <span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Unsigned</span> <span class="pl-c1">W8</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">uint_16</span>  <span class="pl-c1">=</span> <span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Unsigned</span> <span class="pl-c1">W16</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">uint_32</span>  <span class="pl-c1">=</span> <span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Unsigned</span> <span class="pl-c1">W32</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">uint_64</span>  <span class="pl-c1">=</span> <span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Unsigned</span> <span class="pl-c1">W64</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-c1">int</span>       <span class="pl-c1">=</span> <span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">int_8</span>   <span class="pl-c1">=</span> <span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Signed</span> <span class="pl-c1">W8</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">int_16</span>  <span class="pl-c1">=</span> <span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Signed</span> <span class="pl-c1">W16</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">int_32</span>  <span class="pl-c1">=</span> <span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Signed</span> <span class="pl-c1">W32</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">int_64</span>  <span class="pl-c1">=</span> <span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Signed</span> <span class="pl-c1">W64</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">int_128</span> <span class="pl-c1">=</span> <span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Signed</span> <span class="pl-c1">W128</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">ok</span> <span class="pl-c1">#</span><span class="pl-en">sw</span>
+       <span class="pl-c1">(</span><span class="pl-en">op</span><span class="pl-c1">:(</span><span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span><span class="pl-c1">)</span>
+          <span class="pl-c1">-&gt;</span> <span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span><span class="pl-c1">)</span>
+          <span class="pl-c1">-&gt;</span> <span class="pl-en">int_t</span> <span class="pl-c1">(</span><span class="pl-c1">Signed</span> <span class="pl-c1">Winfinite</span><span class="pl-c1">)))</span>
+       <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+       <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_t</span> <span class="pl-en">sw</span><span class="pl-c1">)</span>
+   <span class="pl-c1">=</span> <span class="pl-en">within_bounds</span> <span class="pl-en">sw</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-c1">nat</span> <span class="pl-c1">=</span> <span class="pl-en">i</span><span class="pl-c1">:int{</span> <span class="pl-en">i</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">mark_for_norm</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-c1">pos</span> <span class="pl-c1">=</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span> <span class="pl-c1">0</span> &lt; <span class="pl-en">i</span> <span class="pl-c1">}</span></pre></div>
+<p>//////////////////////////////////////////////////////////////////////////////
+Test
+//////////////////////////////////////////////////////////////////////////////</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">f_int</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:int)</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span>
+<span class="pl-k">let</span> <span class="pl-en">f_nat</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span>
+<span class="pl-k">let</span> <span class="pl-en">f_nat_int_pos</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span> <span class="pl-c1">+</span> <span class="pl-en">z</span>
+<span class="pl-k">let</span> <span class="pl-en">f_uint_8</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_8</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">uint_8</span><span class="pl-c1">{</span><span class="pl-en">ok</span> <span class="pl-c1">(+)</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span>
+<span class="pl-k">let</span> <span class="pl-en">f_int_16</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">int_16</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">int_16</span><span class="pl-c1">{</span><span class="pl-en">ok</span> <span class="pl-c1">(+)</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span>
+<span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_32</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">uint_32</span><span class="pl-c1">{</span><span class="pl-en">ok</span> <span class="pl-c1">(</span> * <span class="pl-c1">)</span> <span class="pl-en">y</span> <span class="pl-en">y</span> <span class="pl-c1">/\</span> <span class="pl-en">ok</span> <span class="pl-c1">(+)</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">y</span> * <span class="pl-en">y</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span> * <span class="pl-en">y</span>
+<span class="pl-k">let</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">Prims.</span><span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-smi">Prims.</span><span class="pl-c1">nat):</span> <span class="pl-c1">nat</span>  <span class="pl-c1">=</span> <span class="pl-en">u</span> <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">u</span> <span class="pl-en">y</span>
+<span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">Prims.</span><span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-smi">Prims.</span><span class="pl-c1">nat)</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span>
+<span class="pl-k">let</span> <span class="pl-en">j</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">Prims.</span><span class="pl-c1">int)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-smi">Prims.</span><span class="pl-c1">nat)</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-c1">-</span> <span class="pl-en">y</span>
+<span class="pl-k">let</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">Prims.</span><span class="pl-c1">int)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-smi">Prims.</span><span class="pl-c1">int)</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> * <span class="pl-en">y</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.LexicographicOrdering.html b/docs/FStar.LexicographicOrdering.html
new file mode 100644
index 0000000..e5b1fa1
--- /dev/null
+++ b/docs/FStar.LexicographicOrdering.html
@@ -0,0 +1,179 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title>FStar.LexicographicOrdering</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
+</head>
+<body>
+<p>Copyright 2021 Microsoft Research</p>
+<p>Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at</p>
+<pre><code>http://www.apache.org/licenses/LICENSE-2.0
+</code></pre>
+<p>Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.</p>
+<p>Authors: Aseem Rastogi and Nikhil Swamy</p>
+<h1>
+<a id="user-content-fstarlexicographicordering" class="anchor" href="#fstarlexicographicordering" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.LexicographicOrdering</h1>
+<blockquote>
+<p>This module proves that lexicographic ordering is well-founded
+(i.e. every element is accessible)</p>
+<p>It defines the lex relation as an inductive, and prove its well-foundedness</p>
+<p>Since SMT proofs in F* are more amenable to squashed definitions,
+the module also defines a squashed version of the lex relation,
+and prove its well-foundedness, reusing the proof for the constructive version</p>
+<p>See tests/micro-benchmarks/Test.WellFoundedRecursion.fst for
+how we use squashed <code>lex</code> to prove termination for the ackermann function</p>
+<p>Finally, the module defines a non-dependent version of lex
+(in-terms of dependent lex), and uses it to prove well-foundedness of symmetric products too</p>
+<p>Some references:</p>
+<ul>
+<li><a href="https://github.com/coq/coq/blob/master/theories/Wellfounded/Lexicographic_Product.v">https://github.com/coq/coq/blob/master/theories/Wellfounded/Lexicographic_Product.v</a></li>
+<li>Constructing Recursion Operators in Type Theory, L. Paulson  JSC (1986) 2, 325-355</li>
+</ul>
+</blockquote>
+<ul>
+<li>Opens module <a href="FStar.Preorder.html">FStar.Preorder</a>
+</li>
+<li>Opens module <a href="FStar.WellFounded.html">FStar.WellFounded</a>
+</li>
+</ul>
+<blockquote>
+<p>Definition of lexicographic ordering as a relation over dependent tuples</p>
+<p>Two elements are related if:</p>
+<ul>
+<li>Either their first components are related</li>
+<li>Or, the first components are equal, and the second components are related</li>
+</ul>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">lex_t</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">r_a</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r_b</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">relation</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">&amp;</span> <span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">&amp;</span> <span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Left_lex</span><span class="pl-c1">:</span>
+    <span class="pl-en">x1</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x2</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">y1</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-en">x1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y2</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-en">x2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">r_a</span> <span class="pl-en">x1</span> <span class="pl-en">x2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex_t</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span> <span class="pl-c1">(|</span> <span class="pl-en">x1</span><span class="pl-c1">,</span> <span class="pl-en">y1</span> <span class="pl-c1">|)</span> <span class="pl-c1">(|</span> <span class="pl-en">x2</span><span class="pl-c1">,</span> <span class="pl-en">y2</span> <span class="pl-c1">|)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Right_lex</span><span class="pl-c1">:</span>
+    <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">y1</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y2</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">r_b</span> <span class="pl-en">x</span> <span class="pl-en">y1</span> <span class="pl-en">y2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex_t</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span> <span class="pl-c1">(|</span> <span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y1</span> <span class="pl-c1">|)</span> <span class="pl-c1">(|</span> <span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y2</span> <span class="pl-c1">|)</span></pre></div>
+<blockquote>
+<p>Given two well-founded relations <code>r_a</code> and <code>r_b</code>,
+their lexicographic ordering is also well-founded</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lex_t_wf</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r_a</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r_b</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">relation</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">wf_a</span><span class="pl-c1">:</span><span class="pl-en">well_founded</span> <span class="pl-en">r_a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">wf_b</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">well_founded</span> <span class="pl-c1">(</span><span class="pl-en">r_b</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">:</span> <span class="pl-en">well_founded</span> <span class="pl-c1">(</span><span class="pl-en">lex_t</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>We can also define a squashed version of lex relation</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">lex_aux</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r_a</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r_b</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">relation</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">:</span> <span class="pl-en">relation</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">&amp;</span> <span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-c1">(|</span> <span class="pl-en">x1</span><span class="pl-c1">,</span> <span class="pl-en">y1</span> <span class="pl-c1">|)</span> <span class="pl-c1">(|</span> <span class="pl-en">x2</span><span class="pl-c1">,</span> <span class="pl-en">y2</span> <span class="pl-c1">|)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">r_a</span> <span class="pl-en">x1</span> <span class="pl-en">x2</span><span class="pl-c1">))</span> <span class="pl-c1">\/</span>
+    <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">x2</span> <span class="pl-c1">/\</span> <span class="pl-k">squash</span> <span class="pl-c1">((</span><span class="pl-en">r_b</span> <span class="pl-en">x1</span><span class="pl-c1">)</span> <span class="pl-en">y1</span> <span class="pl-en">y2</span><span class="pl-c1">))</span></pre></div>
+<blockquote>
+<p>Provide a mapping from a point in lex_aux to a squashed point in lex</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lex_to_lex_t</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r_a</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r_b</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">relation</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">&amp;</span> <span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">lex_aux</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">lex_t</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>And prove that is it is well-founded</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lex_wf</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r_a</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r_b</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">relation</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">wf_a</span><span class="pl-c1">:</span><span class="pl-en">well_founded</span> <span class="pl-en">r_a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">wf_b</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">well_founded</span> <span class="pl-c1">(</span><span class="pl-en">r_b</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">is_well_founded</span> <span class="pl-c1">(</span><span class="pl-en">lex_aux</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">subrelation_squash_wf</span> <span class="pl-c1">(</span><span class="pl-en">lex_to_lex_t</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">lex_t_wf</span> <span class="pl-en">wf_a</span> <span class="pl-en">wf_b</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>A user-friendly lex_wf that returns a well-founded relation</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">lex</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r_a</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r_b</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">relation</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">wf_a</span><span class="pl-c1">:</span><span class="pl-en">well_founded</span> <span class="pl-en">r_a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">wf_b</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">well_founded</span> <span class="pl-c1">(</span><span class="pl-en">r_b</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">:</span> <span class="pl-en">well_founded_relation</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">&amp;</span> <span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">lex_wf</span> <span class="pl-en">wf_a</span> <span class="pl-en">wf_b</span><span class="pl-c1">;</span>
+    <span class="pl-en">lex_aux</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span></pre></div>
+<blockquote>
+<p>We can also define a non-dependent version of the lex ordering,
+in terms of the dependent lex tuple,
+and prove its well-foundedness</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">tuple_to_dep_tuple</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">&amp;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">dtuple2</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(|</span> <span class="pl-en">fst</span> <span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">snd</span> <span class="pl-en">x</span> <span class="pl-c1">|)</span></pre></div>
+<blockquote>
+<p>The non-dependent lexicographic ordering
+and its well-foundedness</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lex_t_non_dep</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r_a</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r_b</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">relation</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">&amp;</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex_t</span> <span class="pl-en">r_a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r_b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tuple_to_dep_tuple</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tuple_to_dep_tuple</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lex_t_non_dep_wf</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">r_a</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">r_b</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">wf_a</span><span class="pl-c1">:</span><span class="pl-en">well_founded</span> <span class="pl-en">r_a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">wf_b</span><span class="pl-c1">:</span><span class="pl-en">well_founded</span> <span class="pl-en">r_b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">well_founded</span> <span class="pl-c1">(</span><span class="pl-en">lex_t_non_dep</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Symmetric product relation
+we can prove its well-foundedness by showing that it is a subrelation of non-dep lex</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">sym</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r_a</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r_b</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">&amp;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">&amp;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Left_sym</span><span class="pl-c1">:</span>
+    <span class="pl-en">x1</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x2</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">r_a</span> <span class="pl-en">x1</span> <span class="pl-en">x2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">sym</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span> <span class="pl-c1">(</span><span class="pl-en">x1</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x2</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Right_sym</span><span class="pl-c1">:</span>
+    <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">y1</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y2</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">r_b</span> <span class="pl-en">y1</span> <span class="pl-en">y2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">sym</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y2</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>sym is a subrelation of non-dependent lex</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">sym_sub_lex</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">r_a</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">r_b</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">&amp;</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">sym</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">lex_t_non_dep</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span>
+  <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">p</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Left_sym</span> <span class="pl-en">x1</span> <span class="pl-en">x2</span> <span class="pl-en">y</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-c1">Left_lex</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">r_a</span> <span class="pl-c1">#(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r_b</span><span class="pl-c1">)</span> <span class="pl-en">x1</span> <span class="pl-en">x2</span> <span class="pl-en">y</span> <span class="pl-en">y</span> <span class="pl-en">p</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Right_sym</span> <span class="pl-en">x</span> <span class="pl-en">y1</span> <span class="pl-en">y2</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-c1">Right_lex</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">r_a</span> <span class="pl-c1">#(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r_b</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-en">y1</span> <span class="pl-en">y2</span> <span class="pl-en">p</span></pre></div>
+<blockquote>
+<p>Theorem for symmetric product</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">sym_wf</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r_a</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r_b</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">wf_a</span><span class="pl-c1">:</span><span class="pl-en">well_founded</span> <span class="pl-en">r_a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">wf_b</span><span class="pl-c1">:</span><span class="pl-en">well_founded</span> <span class="pl-en">r_b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">well_founded</span> <span class="pl-c1">(</span><span class="pl-en">sym</span> <span class="pl-en">r_a</span> <span class="pl-en">r_b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">subrelation_wf</span> <span class="pl-en">sym_sub_lex</span> <span class="pl-c1">(</span><span class="pl-en">lex_t_non_dep_wf</span> <span class="pl-en">wf_a</span> <span class="pl-en">wf_b</span><span class="pl-c1">)</span></pre></div>
+
+</body>
+</html>
diff --git a/docs/FStar.List.Pure.Base.html b/docs/FStar.List.Pure.Base.html
index 4e6c867..1e37e76 100644
--- a/docs/FStar.List.Pure.Base.html
+++ b/docs/FStar.List.Pure.Base.html
@@ -1,62 +1,72 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.List.Pure.Base</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.list.pure.base">module FStar.List.Pure.Base</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Functions on list <span class="kw">with</span> a pure specification </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> map2:#a1:Type -&gt; #a2:Type -&gt; #b:Type -&gt; f:Unidentified product: [a1] Unidentified product: [a2] b -&gt; l1:list a1 -&gt; l2:list a2 -&gt; (Pure (list b) ((requires (==(length l1, length l2)))) ((ensures ((<span class="kw">fun</span> _ -&gt; True)))) (decreases l1))</code></pre></div>
-<p>[map2] takes a pair of list of the same length [x1; ...; xn] [y1; ... ; yn] and return the list [f x1 y1; ... ; f xn yn]</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> map3:#a1:Type -&gt; #a2:Type -&gt; #a3:Type -&gt; #b:Type -&gt; f:Unidentified product: [a1] Unidentified product: [a2] Unidentified product: [a3] b -&gt; l1:list a1 -&gt; l2:list a2 -&gt; l3:list a3 -&gt; (Pure (list b) ((requires (<span class="kw">let</span>  n = length l1 <span class="kw">in</span> (/\(==(n, length l2), ==(n, length l3)))))) ((ensures ((<span class="kw">fun</span> _ -&gt; True)))) (decreases l1))</code></pre></div>
-<p>[map3] takes three lists of the same length [x1; ...; xn][y1; ... ; yn] [z1; ... ; zn] and return the list [f x1 y1 z1; ... ; f xn yn zn]</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> zip:#a1:Type -&gt; #a2:Type -&gt; l1:list a1 -&gt; l2:list a2 -&gt; (Pure (list <span class="co">(*(a1, a2))) ((requires (let  n = length l1 in ==(n, length l2)))) ((ensures ((fun _ -&gt; True)))))</span></code></pre></div>
-<p>[zip] takes a pair of list of the same length and returns the list of index-wise pairs</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> zip3:#a1:Type -&gt; #a2:Type -&gt; #a3:Type -&gt; l1:list a1 -&gt; l2:list a2 -&gt; l3:list a3 -&gt; (Pure (list <span class="co">(*(*(a1, a2), a3))) ((requires (let  n = length l1 in /\(==(n, length l2), ==(n, length l3))))) ((ensures ((fun _ -&gt; True)))))</span></code></pre></div>
-<p>[zip3] takes a 3-tuple of list of the same length and returns the list of index-wise 3-tuples</p>
+<h1>
+<a id="user-content-fstarlistpurebase" class="anchor" href="#fstarlistpurebase" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.List.Pure.Base</h1>
+<ul>
+<li>Opens module <a href="FStar.List.Tot.Base.html">FStar.List.Tot.Base</a>
+</li>
+</ul>
+<p>Functions on list with a pure specification</p>
+<h4>
+<a id="user-content-map2" class="anchor" href="#map2" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>map2</h4>
+<p><a href="#map2"><code>map2</code></a> takes a pair of list of the same length <code>x1; ...; xn</code> <code>y1; ... ; yn</code>
+and return the list <code>f x1 y1; ... ; f xn yn</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map2</span> <span class="pl-c1">(#</span><span class="pl-en">a1</span> <span class="pl-c1">#</span><span class="pl-en">a2</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">a1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map2</span> <span class="pl-c1">#</span><span class="pl-en">a1</span> <span class="pl-c1">#</span><span class="pl-en">a2</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-en">f</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x1</span><span class="pl-c1">::</span><span class="pl-en">xs1</span><span class="pl-c1">,</span> <span class="pl-en">x2</span><span class="pl-c1">::</span><span class="pl-en">xs2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x1</span> <span class="pl-en">x2</span> <span class="pl-c1">::</span> <span class="pl-en">map2</span> <span class="pl-en">f</span> <span class="pl-en">xs1</span> <span class="pl-en">xs2</span></pre></div>
+<h4>
+<a id="user-content-map3" class="anchor" href="#map3" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>map3</h4>
+<p><a href="#map3"><code>map3</code></a> takes three lists of the same length <code>x1; ...; xn</code>
+<code>y1; ... ; yn</code> <code>z1; ... ; zn</code> and return the list
+<code>f x1 y1 z1; ... ; f xn yn zn</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map3</span> <span class="pl-c1">(#</span><span class="pl-en">a1</span> <span class="pl-c1">#</span><span class="pl-en">a2</span> <span class="pl-c1">#</span><span class="pl-en">a3</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">a1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a3</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l3</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a3</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l1</span> <span class="pl-k">in</span>
+      <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span>
+        <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">l3</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map3</span> <span class="pl-c1">#</span><span class="pl-en">a1</span> <span class="pl-c1">#</span><span class="pl-en">a2</span> <span class="pl-c1">#</span><span class="pl-en">a3</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-en">f</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-en">l3</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span><span class="pl-c1">,</span> <span class="pl-en">l3</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-c1">[],</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x1</span><span class="pl-c1">::</span><span class="pl-en">xs1</span><span class="pl-c1">,</span> <span class="pl-en">x2</span><span class="pl-c1">::</span><span class="pl-en">xs2</span><span class="pl-c1">,</span> <span class="pl-en">x3</span><span class="pl-c1">::</span><span class="pl-en">xs3</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x1</span> <span class="pl-en">x2</span> <span class="pl-en">x3</span> <span class="pl-c1">::</span> <span class="pl-en">map3</span> <span class="pl-en">f</span> <span class="pl-en">xs1</span> <span class="pl-en">xs2</span> <span class="pl-en">xs3</span></pre></div>
+<h4>
+<a id="user-content-zip" class="anchor" href="#zip" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>zip</h4>
+<p><a href="#zip"><code>zip</code></a> takes a pair of list of the same length and returns
+the list of index-wise pairs</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zip</span> <span class="pl-c1">(#</span><span class="pl-en">a1</span> <span class="pl-c1">#</span><span class="pl-en">a2</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a1</span> * <span class="pl-en">a2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l1</span> <span class="pl-k">in</span> <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">zip</span> <span class="pl-c1">#</span><span class="pl-en">a1</span> <span class="pl-c1">#</span><span class="pl-en">a2</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">map2</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span></pre></div>
+<h4>
+<a id="user-content-zip3" class="anchor" href="#zip3" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>zip3</h4>
+<p><a href="#zip3"><code>zip3</code></a> takes a 3-tuple of list of the same length and returns
+the list of index-wise 3-tuples</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zip3</span> <span class="pl-c1">(#</span><span class="pl-en">a1</span> <span class="pl-c1">#</span><span class="pl-en">a2</span> <span class="pl-c1">#</span><span class="pl-en">a3</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l3</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a3</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a1</span> * <span class="pl-en">a2</span> * <span class="pl-en">a3</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l1</span> <span class="pl-k">in</span> <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">l3</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">zip3</span> <span class="pl-c1">#</span><span class="pl-en">a1</span> <span class="pl-c1">#</span><span class="pl-en">a2</span> <span class="pl-c1">#</span><span class="pl-en">a3</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-en">l3</span> <span class="pl-c1">=</span> <span class="pl-en">map3</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">,</span><span class="pl-en">y</span><span class="pl-c1">,</span><span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-en">l3</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.List.Pure.Properties.html b/docs/FStar.List.Pure.Properties.html
index 5e07ddb..5dd24b3 100644
--- a/docs/FStar.List.Pure.Properties.html
+++ b/docs/FStar.List.Pure.Properties.html
@@ -1,84 +1,271 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.List.Pure.Properties</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.list.pure.properties">module FStar.List.Pure.Properties</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties <span class="kw">of</span> splitAt </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_splitAt_append (#a:Type) (n:nat) (l:list a)):(Lemma ((requires &lt;=(n, length l))) ((ensures (<span class="kw">let</span>  (l1, l2) = splitAt n l <span class="kw">in</span> /\(==(append l1 l2, l), =(length l1, n))))))):<span class="kw">match</span> n <span class="kw">with</span> <span class="dv">0</span>  -&gt; () | _  -&gt; <span class="kw">match</span> l <span class="kw">with</span> []  -&gt; () | (Prims<span class="kw">.</span>Cons x xs)  -&gt; lemma_splitAt_append (-(n, <span class="dv">1</span>)) xs</code></pre></div>
-<p>If we [append] the two lists produced using a [splitAt], then we get back the original list</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_append_splitAt (#t:Type) (l1:list t) (l2:list t)):(Lemma ((ensures (==(splitAt (length l1) (append l1 l2), ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 l1 l2)))))))):<span class="kw">match</span> l1 <span class="kw">with</span> []  -&gt; () | _  -&gt; lemma_append_splitAt (tl l1) l2</code></pre></div>
-<p>If we [splitAt] the point at which two lists have been [append]ed, then we get back the original lists.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_splitAt (#t:Type) (l:list t) (l1:list t) (l2:list t) (n:n:nat:{&lt;=(n, length l)})):(Lemma (&lt;==&gt;(==(splitAt n l, ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 l1 l2))), /\(==(l, @(l1, l2)), =(length l1, n)))))):lemma_splitAt_append n l; lemma_append_splitAt l1 l2</code></pre></div>
-<p>Fully characterize behavior of [splitAt] in terms of more standard list concepts</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_splitAt_index_hd (#t:Type) (n:nat) (l:list t)):(Lemma ((requires (&lt;(n, length l)))) ((ensures (<span class="kw">let</span>  (l1, l2) = splitAt n l <span class="kw">in</span> splitAt_length n l; /\(&gt;(length l2, <span class="dv">0</span>), ==(hd l2, index l n))))))):<span class="kw">let</span>  (Prims<span class="kw">.</span>Cons x xs) = l <span class="kw">in</span> <span class="kw">match</span> n <span class="kw">with</span> <span class="dv">0</span>  -&gt; () | _  -&gt; lemma_splitAt_index_hd (-(n, <span class="dv">1</span>)) (tl l)</code></pre></div>
-<p>The [hd] of the second list returned via [splitAt] is the [n]th element of the original list</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_splitAt_shorten_left (#t:Type) (l1:list t) (l2:list t) (i:i:nat:{/\(&lt;=(i, length l1), &lt;=(i, length l2))}) (j:j:nat:{&lt;=(j, i)})):(Lemma ((requires (==(fst (splitAt i l1), fst (splitAt i l2))))) ((ensures (==(fst (splitAt j l1), fst (splitAt j l2))))))):<span class="kw">match</span> j <span class="kw">with</span> <span class="dv">0</span>  -&gt; () | _  -&gt; lemma_splitAt_shorten_left (tl l1) (tl l2) (-(i, <span class="dv">1</span>)) (-(j, <span class="dv">1</span>))</code></pre></div>
-<p>If two lists have the same left prefix, then shorter left prefixes are also the same.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_splitAt_reindex_left (#t:Type) (i:nat) (l:list t) (j:nat)):(Lemma ((requires /\(&lt;=(i, length l), &lt;(j, i)))) ((ensures (<span class="kw">let</span>  (left, right) = splitAt i l <span class="kw">in</span> splitAt_length i l; /\(&lt;(j, length left), ==(index left j, index l j))))))):<span class="kw">match</span> (FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 i j) <span class="kw">with</span> (<span class="dv">1</span>, _)|
- (_, <span class="dv">0</span>)  -&gt; () | _  -&gt; lemma_splitAt_reindex_left (-(i, <span class="dv">1</span>)) (tl l) (-(j, <span class="dv">1</span>))</code></pre></div>
-<p>Doing an [index] on the left-part of a [splitAt] is same as doing it on the original list</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_splitAt_reindex_right (#t:Type) (i:nat) (l:list t) (j:nat)):(Lemma ((requires /\(&lt;=(i, length l), &lt;(+(j, i), length l)))) ((ensures (<span class="kw">let</span>  (left, right) = splitAt i l <span class="kw">in</span> splitAt_length i l; /\(&lt;(j, length right), ==(index right j, index l (+(j, i))))))))):<span class="kw">match</span> i <span class="kw">with</span> <span class="dv">0</span>  -&gt; () | _  -&gt; lemma_splitAt_reindex_right (-(i, <span class="dv">1</span>)) (tl l) j</code></pre></div>
-<p>Doing an [index] on the right-part of a [splitAt] is same as doing it on the original list, but shifted</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties <span class="kw">of</span> split3 </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_split3_append (#t:Type) (l:list t) (n:n:nat:{&lt;(n, length l)})):(Lemma ((requires True)) ((ensures (<span class="kw">let</span>  (a, b, c) = split3 l n <span class="kw">in</span> ==(l, append a ((Prims<span class="kw">.</span>Cons b c)))))))):lemma_splitAt_append n l</code></pre></div>
-<p>The 3 pieces returned via [split3] can be joined together via an [append] and a [cons]</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_split3_index (#t:Type) (l:list t) (n:n:nat:{&lt;(n, length l)})):(Lemma ((requires True)) ((ensures (<span class="kw">let</span>  (a, b, c) = split3 l n <span class="kw">in</span> ==(b, index l n)))))):lemma_splitAt_index_hd n l</code></pre></div>
-<p>The middle element returned via [split3] is the [n]th [index]ed element</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_split3_length (#t:Type) (l:list t) (n:n:nat:{&lt;(n, length l)})):(Lemma ((requires True)) ((ensures (<span class="kw">let</span>  (a, b, c) = split3 l n <span class="kw">in</span> /\(=(length a, n), =(length c, -(-(length l, n), <span class="dv">1</span>)))))))):splitAt_length n l</code></pre></div>
-<p>The lengths of the left and right parts of a [split3] are as expected.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_split3_on_same_leftprefix (#t:Type) (l1:list t) (l2:list t) (n:n:nat:{/\(&lt;(n, length l1), &lt;(n, length l2))})):(Lemma ((requires (==(fst (splitAt (+(n, <span class="dv">1</span>)) l1), fst (splitAt (+(n, <span class="dv">1</span>)) l2))))) ((ensures (<span class="kw">let</span>  (a1, b1, c1) = split3 l1 n <span class="kw">in</span> <span class="kw">let</span>  (a2, b2, c2) = split3 l2 n <span class="kw">in</span> /\(==(a1, a2), ==(b1, b2))))))):<span class="kw">let</span>  (a1, b1, c1) = split3 l1 n <span class="kw">in</span> <span class="kw">let</span>  (a2, b2, c2) = split3 l2 n <span class="kw">in</span> lemma_split3_append l1 n; lemma_split3_append l2 n; lemma_split3_length l1 n; lemma_split3_length l2 n; append_l_cons b1 c1 a1; append_l_cons b2 c2 a2; <span class="kw">let</span>  (x1, y1) = splitAt (+(n, <span class="dv">1</span>)) l1 <span class="kw">in</span> <span class="kw">let</span>  (x2, y2) = splitAt (+(n, <span class="dv">1</span>)) l2 <span class="kw">in</span> lemma_splitAt_append (+(n, <span class="dv">1</span>)) l1; lemma_splitAt_append (+(n, <span class="dv">1</span>)) l2; splitAt_length (+(n, <span class="dv">1</span>)) l1; splitAt_length (+(n, <span class="dv">1</span>)) l2; append_length_inv_head x1 y1 (append a1 (Prims<span class="kw">.</span>Cons b1 (Prims<span class="kw">.</span>Nil ))) c1; append_length_inv_head x2 y2 (append a2 (Prims<span class="kw">.</span>Cons b2 (Prims<span class="kw">.</span>Nil ))) c2; append_length_inv_tail a1 (Prims<span class="kw">.</span>Cons b1 (Prims<span class="kw">.</span>Nil )) a2 (Prims<span class="kw">.</span>Cons b2 (Prims<span class="kw">.</span>Nil )); ()</code></pre></div>
-<p>If we [split3] on lists with the same left prefix, we get the same element and left prefix.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_split3_unsnoc (#t:Type) (l:list t) (n:n:nat:{&lt;(n, length l)})):(Lemma ((requires (&lt;&gt;(n, -(length l, <span class="dv">1</span>))))) ((ensures (<span class="kw">let</span>  (a, b, c) = split3 l n <span class="kw">in</span> lemma_split3_length l n; /\(&gt;(length c, <span class="dv">0</span>), (<span class="kw">let</span>  (xs, x) = unsnoc l <span class="kw">in</span> <span class="kw">let</span>  (ys, y) = unsnoc c <span class="kw">in</span> ==(append a ((Prims<span class="kw">.</span>Cons b ys)), xs)))))))):<span class="kw">match</span> n <span class="kw">with</span> <span class="dv">0</span>  -&gt; () | _  -&gt; lemma_split3_unsnoc (tl l) (-(n, <span class="dv">1</span>))</code></pre></div>
-<p>If we perform an [unsnoc] on a list, then the left part is the same as an [append]+[cons] on the list after [split3].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_unsnoc_split3 (#t:Type) (l:list t) (i:i:nat:{&lt;(i, length l)})):(Lemma ((requires (&lt;&gt;(i, -(length l, <span class="dv">1</span>))))) ((ensures (<span class="kw">let</span>  (xs, x) = unsnoc l <span class="kw">in</span> /\(&lt;(i, length xs), (<span class="kw">let</span>  (a0, b0, c0) = split3 l i <span class="kw">in</span> <span class="kw">let</span>  (a1, b1, c1) = split3 xs i <span class="kw">in</span> /\(==(a0, a1), ==(b0, b1))))))))):<span class="kw">let</span>  (xs, x) = unsnoc l <span class="kw">in</span> lemma_unsnoc_length l; <span class="kw">let</span>  (a0, b0, c0) = split3 l i <span class="kw">in</span> <span class="kw">let</span>  (a1, b1, c1) = split3 xs i <span class="kw">in</span> splitAt_length_total xs; lemma_splitAt_shorten_left xs l (length xs) (+(i, <span class="dv">1</span>)); lemma_split3_on_same_leftprefix l xs i</code></pre></div>
-<p>Doing [unsnoc] and [split3] in either order leads to the same left part, and element.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_split3_r_hd (#t:Type) (l:list t) (i:i:nat:{&lt;(i, length l)})):(Lemma ((ensures (<span class="kw">let</span>  (a, b, c) = split3 l i <span class="kw">in</span> lemma_split3_length l i; ==&gt;(&gt;(length c, <span class="dv">0</span>), /\(&lt;(+(i, <span class="dv">1</span>), length l), ==(hd c, index l (+(i, <span class="dv">1</span>)))))))))):<span class="kw">match</span> i <span class="kw">with</span> <span class="dv">0</span>  -&gt; () | _  -&gt; lemma_split3_r_hd (tl l) (-(i, <span class="dv">1</span>))</code></pre></div>
-<p>The head of the right side of a [split3] can be [index]ed from original list.</p>
+<h1>
+<a id="user-content-fstarlistpureproperties" class="anchor" href="#fstarlistpureproperties" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.List.Pure.Properties</h1>
+<ul>
+<li>Opens module <a href="FStar.List.Tot.Base.html">FStar.List.Tot.Base</a>
+</li>
+<li>Opens module <a href="FStar.List.Pure.Base.html">FStar.List.Pure.Base</a>
+</li>
+<li>Opens module <a href="FStar.List.Tot.Properties.html">FStar.List.Tot.Properties</a>
+</li>
+</ul>
+<p>Properties of splitAt</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">splitAt_length</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-k">begin</span>
+      <span class="pl-k">let</span> <span class="pl-en">l_1</span><span class="pl-c1">,</span> <span class="pl-en">l_2</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-en">n</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+      <span class="pl-k">if</span> <span class="pl-en">length</span> <span class="pl-en">l</span> &lt; <span class="pl-en">n</span> <span class="pl-k">then</span>
+        <span class="pl-en">length</span> <span class="pl-en">l_1</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">length</span> <span class="pl-en">l_2</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span>
+      <span class="pl-k">else</span>
+        <span class="pl-en">length</span> <span class="pl-en">l_1</span> <span class="pl-c1">==</span> <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-en">length</span> <span class="pl-en">l_2</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">-</span> <span class="pl-en">n</span>
+    <span class="pl-k">end</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">()</span>
+  <span class="pl-k">else</span>
+    <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">::</span><span class="pl-en">xs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">splitAt_length</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">xs</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">splitAt_assoc</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n1</span> <span class="pl-en">n2</span><span class="pl-c1">:nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-k">begin</span>
+      <span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-en">n1</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">l2</span><span class="pl-c1">,</span> <span class="pl-en">l3</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-en">n2</span> <span class="pl-en">l2</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">l1'</span><span class="pl-c1">,</span> <span class="pl-en">l2'</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-c1">(</span><span class="pl-en">n1</span><span class="pl-c1">+</span><span class="pl-en">n2</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+      <span class="pl-en">l1'</span> <span class="pl-c1">==</span>  <span class="pl-en">l1</span> @ <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-en">l2'</span> <span class="pl-c1">==</span> <span class="pl-en">l3</span>
+    <span class="pl-k">end</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">n1</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">n1</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">()</span>
+  <span class="pl-k">else</span>
+    <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">xs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">splitAt_assoc</span> <span class="pl-c1">(</span><span class="pl-en">n1</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">n2</span> <span class="pl-en">xs</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">splitAt_length_total</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">splitAt</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">,</span> <span class="pl-c1">[])))</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">xs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">splitAt_length_total</span> <span class="pl-en">xs</span></pre></div>
+<h4>
+<a id="user-content-lemma_splitat_append" class="anchor" href="#lemma_splitat_append" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_splitAt_append</h4>
+<p>If we <code>append</code> the two lists produced using a <code>splitAt</code>, then we
+get back the original list</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_splitAt_append</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">n</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-en">n</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+              <span class="pl-en">append</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">length</span> <span class="pl-en">l1</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">n</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">xs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_splitAt_append</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">xs</span></pre></div>
+<h4>
+<a id="user-content-lemma_append_splitat" class="anchor" href="#lemma_append_splitat" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_append_splitAt</h4>
+<p>If we <code>splitAt</code> the point at which two lists have been <code>append</code>ed, then we
+get back the original lists.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_append_splitAt</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">splitAt</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_append_splitAt</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-en">l2</span></pre></div>
+<h4>
+<a id="user-content-lemma_splitat" class="anchor" href="#lemma_splitat" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_splitAt</h4>
+<p>Fully characterize behavior of <code>splitAt</code> in terms of more standard list concepts</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_splitAt</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">splitAt</span> <span class="pl-en">n</span> <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-en">l1</span> @ <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-en">length</span> <span class="pl-en">l1</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">lemma_splitAt_append</span> <span class="pl-en">n</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-en">lemma_append_splitAt</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span></pre></div>
+<h4>
+<a id="user-content-lemma_splitat_index_hd" class="anchor" href="#lemma_splitat_index_hd" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_splitAt_index_hd</h4>
+<p>The <code>hd</code> of the second list returned via <code>splitAt</code> is the <code>n</code>th element of
+the original list</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_splitAt_index_hd</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">n</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-en">n</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+              <span class="pl-en">splitAt_length</span> <span class="pl-en">n</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+              <span class="pl-en">length</span> <span class="pl-en">l2</span> &gt; <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">hd</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">xs</span> <span class="pl-c1">=</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">n</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_splitAt_index_hd</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lemma_splitat_shorten_left" class="anchor" href="#lemma_splitat_shorten_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_splitAt_shorten_left</h4>
+<p>If two lists have the same left prefix, then shorter left prefixes are
+also the same.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_splitAt_shorten_left</span>
+    <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l1</span> <span class="pl-c1">/\</span> <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l2</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">splitAt</span> <span class="pl-en">i</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">splitAt</span> <span class="pl-en">i</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">splitAt</span> <span class="pl-en">j</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">splitAt</span> <span class="pl-en">j</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">j</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lemma_splitAt_shorten_left</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lemma_splitat_reindex_left" class="anchor" href="#lemma_splitat_reindex_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_splitAt_reindex_left</h4>
+<p>Doing an <code>index</code> on the left-part of a <code>splitAt</code> is same as doing it on
+the original list</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_splitAt_reindex_left</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt; <span class="pl-en">i</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+        <span class="pl-k">let</span> <span class="pl-en">left</span><span class="pl-c1">,</span> <span class="pl-en">right</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-en">i</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+        <span class="pl-en">splitAt_length</span> <span class="pl-en">i</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+        <span class="pl-en">j</span> &lt; <span class="pl-en">length</span> <span class="pl-en">left</span> <span class="pl-c1">/\</span> <span class="pl-en">index</span> <span class="pl-en">left</span> <span class="pl-en">j</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">j</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">i</span><span class="pl-c1">,</span> <span class="pl-en">j</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">1</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_splitAt_reindex_left</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lemma_splitat_reindex_right" class="anchor" href="#lemma_splitat_reindex_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_splitAt_reindex_right</h4>
+<p>Doing an <code>index</code> on the right-part of a <code>splitAt</code> is same as doing it on
+the original list, but shifted</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_splitAt_reindex_right</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> <span class="pl-c1">+</span> <span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+        <span class="pl-k">let</span> <span class="pl-en">left</span><span class="pl-c1">,</span> <span class="pl-en">right</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-en">i</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+        <span class="pl-en">splitAt_length</span> <span class="pl-en">i</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+        <span class="pl-en">j</span> &lt; <span class="pl-en">length</span> <span class="pl-en">right</span> <span class="pl-c1">/\</span> <span class="pl-en">index</span> <span class="pl-en">right</span> <span class="pl-en">j</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">+</span> <span class="pl-en">i</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">i</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_splitAt_reindex_right</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">j</span></pre></div>
+<p>Properties of split3</p>
+<h4>
+<a id="user-content-lemma_split3_append" class="anchor" href="#lemma_split3_append" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_split3_append</h4>
+<p>The 3 pieces returned via <code>split3</code> can be joined together via an
+<code>append</code> and a <code>cons</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_split3_append</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+        <span class="pl-k">let</span> <span class="pl-en">a</span><span class="pl-c1">,</span> <span class="pl-en">b</span><span class="pl-c1">,</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">split3</span> <span class="pl-en">l</span> <span class="pl-en">n</span> <span class="pl-k">in</span>
+        <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">::</span> <span class="pl-en">c</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span>
+  <span class="pl-en">lemma_splitAt_append</span> <span class="pl-en">n</span> <span class="pl-en">l</span></pre></div>
+<h4>
+<a id="user-content-lemma_split3_index" class="anchor" href="#lemma_split3_index" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_split3_index</h4>
+<p>The middle element returned via <code>split3</code> is the <code>n</code>th <code>index</code>ed element</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_split3_index</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+        <span class="pl-k">let</span> <span class="pl-en">a</span><span class="pl-c1">,</span> <span class="pl-en">b</span><span class="pl-c1">,</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">split3</span> <span class="pl-en">l</span> <span class="pl-en">n</span> <span class="pl-k">in</span>
+        <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-en">lemma_splitAt_index_hd</span> <span class="pl-en">n</span> <span class="pl-en">l</span></pre></div>
+<h4>
+<a id="user-content-lemma_split3_length" class="anchor" href="#lemma_split3_length" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_split3_length</h4>
+<p>The lengths of the left and right parts of a <code>split3</code> are as expected.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_split3_length</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+        <span class="pl-k">let</span> <span class="pl-en">a</span><span class="pl-c1">,</span> <span class="pl-en">b</span><span class="pl-c1">,</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">split3</span> <span class="pl-en">l</span> <span class="pl-en">n</span> <span class="pl-k">in</span>
+        <span class="pl-en">length</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-en">length</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">-</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-en">splitAt_length</span> <span class="pl-en">n</span> <span class="pl-en">l</span></pre></div>
+<h4>
+<a id="user-content-lemma_split3_on_same_leftprefix" class="anchor" href="#lemma_split3_on_same_leftprefix" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_split3_on_same_leftprefix</h4>
+<p>If we <code>split3</code> on lists with the same left prefix, we get the same
+element and left prefix.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_split3_on_same_leftprefix</span>
+    <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l1</span> <span class="pl-c1">/\</span> <span class="pl-en">n</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l2</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">splitAt</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">splitAt</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">a1</span><span class="pl-c1">,</span> <span class="pl-en">b1</span><span class="pl-c1">,</span> <span class="pl-en">c1</span> <span class="pl-c1">=</span> <span class="pl-en">split3</span> <span class="pl-en">l1</span> <span class="pl-en">n</span> <span class="pl-k">in</span>
+              <span class="pl-k">let</span> <span class="pl-en">a2</span><span class="pl-c1">,</span> <span class="pl-en">b2</span><span class="pl-c1">,</span> <span class="pl-en">c2</span> <span class="pl-c1">=</span> <span class="pl-en">split3</span> <span class="pl-en">l2</span> <span class="pl-en">n</span> <span class="pl-k">in</span>
+              <span class="pl-en">a1</span> <span class="pl-c1">==</span> <span class="pl-en">a2</span> <span class="pl-c1">/\</span> <span class="pl-en">b1</span> <span class="pl-c1">==</span> <span class="pl-en">b2</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">a1</span><span class="pl-c1">,</span> <span class="pl-en">b1</span><span class="pl-c1">,</span> <span class="pl-en">c1</span> <span class="pl-c1">=</span> <span class="pl-en">split3</span> <span class="pl-en">l1</span> <span class="pl-en">n</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">a2</span><span class="pl-c1">,</span> <span class="pl-en">b2</span><span class="pl-c1">,</span> <span class="pl-en">c2</span> <span class="pl-c1">=</span> <span class="pl-en">split3</span> <span class="pl-en">l2</span> <span class="pl-en">n</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_split3_append</span> <span class="pl-en">l1</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-en">lemma_split3_append</span> <span class="pl-en">l2</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-en">lemma_split3_length</span> <span class="pl-en">l1</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-en">lemma_split3_length</span> <span class="pl-en">l2</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-en">append_l_cons</span> <span class="pl-en">b1</span> <span class="pl-en">c1</span> <span class="pl-en">a1</span><span class="pl-c1">;</span>
+  <span class="pl-en">append_l_cons</span> <span class="pl-en">b2</span> <span class="pl-en">c2</span> <span class="pl-en">a2</span><span class="pl-c1">;</span></pre></div>
+<p>assert ((a1 @ <code>b1</code>) @ c1 == l1);
+assert ((a2 @ <code>b2</code>) @ c2 == l2);
+assert (x1 @ y1 == (a1 @ <code>b1</code>) @ c1);
+assert (x2 @ y2 == (a2 @ <code>b2</code>) @ c2);
+assert (a1 @ <code>b1</code> == a2 @ <code>b2</code>);
+assert (a1 == a2 /\ b1 == b2);</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">x1</span><span class="pl-c1">,</span> <span class="pl-en">y1</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">x2</span><span class="pl-c1">,</span> <span class="pl-en">y2</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">l2</span> <span class="pl-k">in</span>
+<span class="pl-en">lemma_splitAt_append</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">;</span>
+<span class="pl-en">lemma_splitAt_append</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">l2</span><span class="pl-c1">;</span>
+<span class="pl-en">splitAt_length</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">;</span>
+<span class="pl-en">splitAt_length</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">l2</span><span class="pl-c1">;</span>
+<span class="pl-en">append_length_inv_head</span> <span class="pl-en">x1</span> <span class="pl-en">y1</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">a1</span> <span class="pl-c1">[</span><span class="pl-en">b1</span><span class="pl-c1">])</span> <span class="pl-en">c1</span><span class="pl-c1">;</span>
+<span class="pl-en">append_length_inv_head</span> <span class="pl-en">x2</span> <span class="pl-en">y2</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">a2</span> <span class="pl-c1">[</span><span class="pl-en">b2</span><span class="pl-c1">])</span> <span class="pl-en">c2</span><span class="pl-c1">;</span>
+<span class="pl-en">append_length_inv_tail</span> <span class="pl-en">a1</span> <span class="pl-c1">[</span><span class="pl-en">b1</span><span class="pl-c1">]</span> <span class="pl-en">a2</span> <span class="pl-c1">[</span><span class="pl-en">b2</span><span class="pl-c1">];</span>
+<span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-lemma_split3_unsnoc" class="anchor" href="#lemma_split3_unsnoc" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_split3_unsnoc</h4>
+<p>If we perform an <code>unsnoc</code> on a list, then the left part is the same
+as an <code>append</code>+<code>cons</code> on the list after <code>split3</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_split3_unsnoc</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">n</span> &lt;&gt; <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+        <span class="pl-k">let</span> <span class="pl-en">a</span><span class="pl-c1">,</span> <span class="pl-en">b</span><span class="pl-c1">,</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">split3</span> <span class="pl-en">l</span> <span class="pl-en">n</span> <span class="pl-k">in</span>
+        <span class="pl-en">lemma_split3_length</span> <span class="pl-en">l</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+        <span class="pl-en">length</span> <span class="pl-en">c</span> &gt; <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span>
+          <span class="pl-k">let</span> <span class="pl-en">xs</span><span class="pl-c1">,</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">unsnoc</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+          <span class="pl-k">let</span> <span class="pl-en">ys</span><span class="pl-c1">,</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">unsnoc</span> <span class="pl-en">c</span> <span class="pl-k">in</span>
+          <span class="pl-en">append</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">::</span> <span class="pl-en">ys</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">xs</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">n</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_split3_unsnoc</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lemma_unsnoc_split3" class="anchor" href="#lemma_unsnoc_split3" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_unsnoc_split3</h4>
+<p>Doing <code>unsnoc</code> and <code>split3</code> in either order leads to the same left
+part, and element.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_unsnoc_split3</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">i</span> &lt;&gt; <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+        <span class="pl-k">let</span> <span class="pl-en">xs</span><span class="pl-c1">,</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">unsnoc</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+        <span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">xs</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span>
+            <span class="pl-k">let</span> <span class="pl-en">a0</span><span class="pl-c1">,</span> <span class="pl-en">b0</span><span class="pl-c1">,</span> <span class="pl-en">c0</span> <span class="pl-c1">=</span> <span class="pl-en">split3</span> <span class="pl-en">l</span> <span class="pl-en">i</span> <span class="pl-k">in</span>
+            <span class="pl-k">let</span> <span class="pl-en">a1</span><span class="pl-c1">,</span> <span class="pl-en">b1</span><span class="pl-c1">,</span> <span class="pl-en">c1</span> <span class="pl-c1">=</span> <span class="pl-en">split3</span> <span class="pl-en">xs</span> <span class="pl-en">i</span> <span class="pl-k">in</span>
+            <span class="pl-en">a0</span> <span class="pl-c1">==</span> <span class="pl-en">a1</span> <span class="pl-c1">/\</span> <span class="pl-en">b0</span> <span class="pl-c1">==</span> <span class="pl-en">b1</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">xs</span><span class="pl-c1">,</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">unsnoc</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_unsnoc_length</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-k">let</span> <span class="pl-en">a0</span><span class="pl-c1">,</span> <span class="pl-en">b0</span><span class="pl-c1">,</span> <span class="pl-en">c0</span> <span class="pl-c1">=</span> <span class="pl-en">split3</span> <span class="pl-en">l</span> <span class="pl-en">i</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">a1</span><span class="pl-c1">,</span> <span class="pl-en">b1</span><span class="pl-c1">,</span> <span class="pl-en">c1</span> <span class="pl-c1">=</span> <span class="pl-en">split3</span> <span class="pl-en">xs</span> <span class="pl-en">i</span> <span class="pl-k">in</span>
+  <span class="pl-en">splitAt_length_total</span> <span class="pl-en">xs</span><span class="pl-c1">;</span></pre></div>
+<p>assert (fst (splitAt (length xs) xs) == xs);
+assert (fst (splitAt (length xs) xs) == fst (splitAt (length xs) l));
+assert (i+1 &lt;= length xs);
+assert (fst (splitAt (i+1) xs) == fst (splitAt (i+1) l));</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">lemma_splitAt_shorten_left</span> <span class="pl-en">xs</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">xs</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">);</span>
+<span class="pl-en">lemma_split3_on_same_leftprefix</span> <span class="pl-en">l</span> <span class="pl-en">xs</span> <span class="pl-en">i</span></pre></div>
+<h4>
+<a id="user-content-lemma_split3_r_hd" class="anchor" href="#lemma_split3_r_hd" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_split3_r_hd</h4>
+<p>The head of the right side of a <code>split3</code> can be <code>index</code>ed from original list.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_split3_r_hd</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">a</span><span class="pl-c1">,</span> <span class="pl-en">b</span><span class="pl-c1">,</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">split3</span> <span class="pl-en">l</span> <span class="pl-en">i</span> <span class="pl-k">in</span>
+              <span class="pl-en">lemma_split3_length</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">;</span>
+              <span class="pl-en">length</span> <span class="pl-en">c</span> &gt; <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">hd</span> <span class="pl-en">c</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">i</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_split3_r_hd</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.List.Pure.html b/docs/FStar.List.Pure.html
index f81f463..0979a24 100644
--- a/docs/FStar.List.Pure.html
+++ b/docs/FStar.List.Pure.html
@@ -1,16 +1,21 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.List.Pure</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.list.pure">module FStar.List.Pure</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarlistpure" class="anchor" href="#fstarlistpure" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.List.Pure</h1>
+<ul>
+<li>Includes module <a href="FStar.List.Tot.html">FStar.List.Tot</a>
+</li>
+<li>Includes module <a href="FStar.List.Pure.Base.html">FStar.List.Pure.Base</a>
+</li>
+<li>Includes module <a href="FStar.List.Pure.Properties.html">FStar.List.Pure.Properties</a>
+</li>
+</ul>
+
 </body>
 </html>
diff --git a/docs/FStar.List.Tot.Base.html b/docs/FStar.List.Tot.Base.html
index 956f9bf..f3193ca 100644
--- a/docs/FStar.List.Tot.Base.html
+++ b/docs/FStar.List.Tot.Base.html
@@ -1,180 +1,595 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.List.Tot.Base</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.list.tot.base">module FStar.List.Tot.Base</h1>
-<p>Pure total operations on lists</p>
-<p>This module defines all pure and total operations on lists that can be used in specifications.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">
-Base operations</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> isEmpty:Unidentified product: [list &#39;a] (Tot <span class="dt">bool</span>)</code></pre></div>
-<p>[isEmpty l] returns [true] if and only if [l] is empty</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> hd:Unidentified product: [l:l:list &#39;a:{Cons? l}] (Tot &#39;a)</code></pre></div>
-<p>[hd l] returns the first element of [l]. Requires [l] to be nonempty, at type-checking time. Named as in: OCaml, F#, Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> tail:Unidentified product: [l:l:list &#39;a:{Cons? l}] (Tot (list &#39;a))</code></pre></div>
-<p>[tail l] returns [l] without its first element. Requires, at type-checking time, that [l] be nonempty. Similar to: tl in OCaml, F#, Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> tl:Unidentified product: [l:l:list &#39;a:{Cons? l}] (Tot (list &#39;a))</code></pre></div>
-<p>[tl l] returns [l] without its first element. Requires, at type-checking time, that [l] be nonempty. Named as in: OCaml, F#, Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> last:Unidentified product: [l:l:list &#39;a:{Cons? l}] (Tot &#39;a)</code></pre></div>
-<p>[last l] returns the last element of [l]. Requires, at type-checking time, that [l] be nonempty. Named as in: Haskell</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> init:Unidentified product: [l:l:list &#39;a:{Cons? l}] (Tot (list &#39;a))</code></pre></div>
-<p>[init l] returns [l] without its last element. Requires, at type-checking time, that [l] be nonempty. Named as in: Haskell</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> length:Unidentified product: [list &#39;a] (Tot nat)</code></pre></div>
-<p>[length l] returns the total number of elements in [l]. Named as in: OCaml, F#, Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> nth:Unidentified product: [list &#39;a] Unidentified product: [nat] (Tot (<span class="dt">option</span> &#39;a))</code></pre></div>
-<p>[nth l n] returns the [n]-th element in list [l] (with the first element being the 0-th) if [l] is long enough, or [None] otherwise. Named as in: OCaml, F#, Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> index:Unidentified product: [#a:Type] Unidentified product: [l:list a] Unidentified product: [i:i:nat:{&lt;(i, length l)}] (Tot a)</code></pre></div>
-<p>[index l n] returns the [n]-th element in list [l] (with the first element being the 0-th). Requires, at type-checking time, that [l] be of length at least [n+1].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> count:Unidentified product: [#a:eqtype] Unidentified product: [a] Unidentified product: [list a] (Tot nat)</code></pre></div>
-<p>[count x l] returns the number of occurrences of [x] in [l]. Requires, at type-checking time, the type of [a] to have equality defined. Similar to: [List.count_occ] in Coq.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> rev_acc:Unidentified product: [list &#39;a] Unidentified product: [list &#39;a] (Tot (list &#39;a))</code></pre></div>
-<p>[rev_acc l1 l2] appends the elements of [l1] to the beginning of [l2], in reverse order. It is equivalent to [append (rev l1) l2], but is tail-recursive. Similar to: [List.rev_append] in OCaml, Coq.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> rev:Unidentified product: [list &#39;a] (Tot (list &#39;a))</code></pre></div>
-<p>[rev l] returns the list [l] in reverse order. Named as in: OCaml, F#, Coq.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> append:Unidentified product: [list &#39;a] Unidentified product: [list &#39;a] (Tot (list &#39;a))</code></pre></div>
-<p>[append l1 l2] appends the elements of [l2] to the end of [l1]. Named as: OCaml, F#. Similar to: [List.app] in Coq.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (op_At x y):append x y</code></pre></div>
-<p>Defines notation [@] for [append], as in OCaml, F# .</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> snoc:Unidentified product: [<span class="co">(*(list &#39;a, &#39;a))] (Tot (list &#39;a))</span></code></pre></div>
-<p>[snoc (l, x)] adds [x] to the end of the list [l].</p>
-<pre><code>Note: We use an uncurried [snoc (l, x)] instead of the curried
-[snoc l x]. This is intentional. If [snoc] takes a pair instead
+<h1>
+<a id="user-content-fstarlisttotbase" class="anchor" href="#fstarlisttotbase" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.List.Tot.Base</h1>
+<p>This module defines all pure and total operations on lists that can be
+used in specifications. It is implemented by FStar_List_Tot_Base.ml, any
+functional change and/or the addition of new functions MUST be reflected
+there.</p>
+<p>@summary Pure total operations on lists</p>
+<p>Base operations</p>
+<h4>
+<a id="user-content-isempty" class="anchor" href="#isempty" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>isEmpty</h4>
+<p><code>isEmpty l</code> returns <code>true</code> if and only if <code>l</code> is empty</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">isEmpty</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-en">isEmpty</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span></pre></div>
+<h4>
+<a id="user-content-hd" class="anchor" href="#hd" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>hd</h4>
+<p><code>hd l</code> returns the first element of <code>l</code>. Requires <code>l</code> to be
+nonempty, at type-checking time. Named as in: OCaml, F#, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">hd</span><span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">{</span><span class="pl-c1">Cons</span><span class="pl-c1">?</span> <span class="pl-en">l</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'a</span>
+<span class="pl-k">let</span> <span class="pl-en">hd</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">hd</span></pre></div>
+<h4>
+<a id="user-content-tail" class="anchor" href="#tail" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tail</h4>
+<p><code>tail l</code> returns <code>l</code> without its first element. Requires, at
+type-checking time, that <code>l</code> be nonempty. Similar to: tl in OCaml, F#, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tail</span><span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">{</span><span class="pl-c1">Cons</span><span class="pl-c1">?</span> <span class="pl-en">l</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">tail</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-tl" class="anchor" href="#tl" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tl</h4>
+<p><code>tl l</code> returns <code>l</code> without its first element. Requires, at
+type-checking time, that <code>l</code> be nonempty. Named as in: OCaml, F#, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tl</span><span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">{</span><span class="pl-c1">Cons</span><span class="pl-c1">?</span> <span class="pl-en">l</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">tl</span> <span class="pl-c1">=</span> <span class="pl-en">tail</span></pre></div>
+<h4>
+<a id="user-content-last" class="anchor" href="#last" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>last</h4>
+<p><code>last l</code> returns the last element of <code>l</code>. Requires, at
+type-checking time, that <code>l</code> be nonempty. Named as in: Haskell</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">last</span><span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">{</span><span class="pl-c1">Cons</span><span class="pl-c1">?</span> <span class="pl-en">l</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'a</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">last</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-en">hd</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">hd</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">last</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-init" class="anchor" href="#init" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>init</h4>
+<p><code>init l</code> returns <code>l</code> without its last element. Requires, at
+type-checking time, that <code>l</code> be nonempty. Named as in: Haskell</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">init</span><span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">{</span><span class="pl-c1">Cons</span><span class="pl-c1">?</span> <span class="pl-en">l</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">init</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-c1">_</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">hd</span><span class="pl-c1">::(</span><span class="pl-en">init</span> <span class="pl-en">tl</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-length" class="anchor" href="#length" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>length</h4>
+<p><code>length l</code> returns the total number of elements in <code>l</code>. Named as
+in: OCaml, F#, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">length</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">nat</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">length</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">0</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">1</span> <span class="pl-c1">+</span> <span class="pl-en">length</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-nth" class="anchor" href="#nth" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>nth</h4>
+<p><code>nth l n</code> returns the <code>n</code>-th element in list <code>l</code> (with the first
+element being the 0-th) if <code>l</code> is long enough, or <code>None</code>
+otherwise. Named as in: OCaml, F#, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">nth</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">nth</span> <span class="pl-en">l</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span>     <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-en">hd</span> <span class="pl-k">else</span> <span class="pl-en">nth</span> <span class="pl-en">tl</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-index" class="anchor" href="#index" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>index</h4>
+<p><code>index l n</code> returns the <code>n</code>-th element in list <code>l</code> (with the first
+element being the 0-th). Requires, at type-checking time, that <code>l</code> be
+of length at least <code>n+1</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">index</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">index</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">}):</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span>
+    <span class="pl-en">hd</span> <span class="pl-en">l</span>
+  <span class="pl-k">else</span>
+    <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-count" class="anchor" href="#count" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>count</h4>
+<p><code>count x l</code> returns the number of occurrences of <code>x</code> in
+<code>l</code>. Requires, at type-checking time, the type of <code>a</code> to have equality
+defined. Similar to: <code>List.count_occ</code> in Coq.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">count</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">nat</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">count</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">0</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">x</span><span class="pl-c1">=</span><span class="pl-en">hd</span> <span class="pl-k">then</span> <span class="pl-c1">1</span> <span class="pl-c1">+</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">tl</span> <span class="pl-k">else</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-rev_acc" class="anchor" href="#rev_acc" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>rev_acc</h4>
+<p><code>rev_acc l1 l2</code> appends the elements of <code>l1</code> to the beginning of
+<code>l2</code>, in reverse order. It is equivalent to <code>append (rev l1) l2</code>, but
+is tail-recursive. Similar to: <code>List.rev_append</code> in OCaml, Coq.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev_acc</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">rev_acc</span> <span class="pl-en">l</span> <span class="pl-en">acc</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">acc</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rev_acc</span> <span class="pl-en">tl</span> <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">acc</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-rev" class="anchor" href="#rev" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>rev</h4>
+<p><code>rev l</code> returns the list <code>l</code> in reverse order. Named as in: OCaml,
+F#, Coq.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">rev</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">rev_acc</span> <span class="pl-en">l</span> <span class="pl-c1">[]</span></pre></div>
+<h4>
+<a id="user-content-append" class="anchor" href="#append" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>append</h4>
+<p><code>append l1 l2</code> appends the elements of <code>l2</code> to the end of <code>l1</code>. Named as: OCaml, F#. Similar to: <code>List.app</code> in Coq.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">append</span> <span class="pl-en">tl</span> <span class="pl-en">y</span></pre></div>
+<h4>
+<a id="user-content-op_at" class="anchor" href="#op_at" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>op_At</h4>
+<p>Defines notation <code>@@</code> for <a href="#append"><code>append</code></a>, as in OCaml, F# .</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">op_At</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">append</span> <span class="pl-en">x</span> <span class="pl-en">y</span></pre></div>
+<h4>
+<a id="user-content-snoc" class="anchor" href="#snoc" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>snoc</h4>
+<p><code>snoc (l, x)</code> adds <code>x</code> to the end of the list <code>l</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">snoc</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> * <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">,</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">append</span> <span class="pl-en">l</span> <span class="pl-c1">[</span><span class="pl-en">x</span><span class="pl-c1">]</span></pre></div>
+<p>Note: We use an uncurried <code>snoc (l, x)</code> instead of the curried
+<code>snoc l x</code>. This is intentional. If <a href="#snoc"><code>snoc</code></a> takes a pair instead
 of 2 arguments, it allows for a better pattern on
-[lemma_unsnoc_snoc], which connects [snoc] and [unsnoc]. In
+<code>lemma_unsnoc_snoc</code>, which connects <a href="#snoc"><code>snoc</code></a> and <a href="#unsnoc"><code>unsnoc</code></a>. In
 particular, if we had two arguments, then either the pattern would
 either be too restrictive or would lead to over-triggering. More
 context for this can be seen in the (collapsed and uncollapsed)
-comments at https://github.com/FStarLang/FStar/pull/1560 </code></pre>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> flatten:Unidentified product: [list (list &#39;a)] (Tot (list &#39;a))</code></pre></div>
-<p>[flatten l], where [l] is a list of lists, returns the list of the elements of the lists in [l], preserving their order. Named as in: OCaml, Coq.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> map:Unidentified product: [(Unidentified product: [&#39;a] (Tot &#39;b))] Unidentified product: [list &#39;a] (Tot (list &#39;b))</code></pre></div>
-<p>[map f l] applies [f] to each element of [l] and returns the list of results, in the order of the original elements in [l]. Requires, at type-checking time, [f] to be a pure total function. Named as in: OCaml, Coq, F#</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> mapi_init:Unidentified product: [(Unidentified product: [<span class="dt">int</span>] Unidentified product: [&#39;a] (Tot &#39;b))] Unidentified product: [list &#39;a] Unidentified product: [<span class="dt">int</span>] (Tot (list &#39;b))</code></pre></div>
-<p>[mapi_init f n l] applies, for each [k], [f (n+k)] to the [k]-th element of [l] and returns the list of results, in the order of the original elements in [l]. Requires, at type-checking time, [f] to be a pure total function.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> mapi:Unidentified product: [(Unidentified product: [<span class="dt">int</span>] Unidentified product: [&#39;a] (Tot &#39;b))] Unidentified product: [list &#39;a] (Tot (list &#39;b))</code></pre></div>
-<p>[mapi f l] applies, for each [k], [f k] to the [k]-th element of [l] and returns the list of results, in the order of the original elements in [l]. Requires, at type-checking time, [f] to be a pure total function. Named as in: OCaml</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> concatMap:Unidentified product: [(Unidentified product: [&#39;a] (Tot (list &#39;b)))] Unidentified product: [list &#39;a] (Tot (list &#39;b))</code></pre></div>
-<p>[concatMap f l] applies [f] to each element of [l] and returns the concatenation of the results, in the order of the original elements of [l]. This is equivalent to [flatten (map f l)]. Requires, at type-checking time, [f] to be a pure total function.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> fold_left:Unidentified product: [(Unidentified product: [&#39;a] Unidentified product: [&#39;b] (Tot &#39;a))] Unidentified product: [&#39;a] Unidentified product: [l:list &#39;b] (Tot &#39;a (decreases l))</code></pre></div>
-<p>[fold_left f x [y1; y2; ...; yn]] computes (f (... (f x y1) y2) ... yn). Requires, at type-checking time, [f] to be a pure total function. Named as in: OCaml, Coq.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> fold_right:Unidentified product: [(Unidentified product: [&#39;a] Unidentified product: [&#39;b] (Tot &#39;b))] Unidentified product: [list &#39;a] Unidentified product: [&#39;b] (Tot &#39;b)</code></pre></div>
-<p>[fold_right f [x1; x2; ...; xn] y] computes (f x1 (f x2 (... (f xn y)) ... )). Requires, at type-checking time, [f] to be a pure total function. Named as in: OCaml, Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((fold_right_gtot (#a:Type) (#b:Type) (l:list a) (f:Unidentified product: [a] Unidentified product: [b] (GTot b)) (x:b)):(GTot b)):<span class="kw">match</span> l <span class="kw">with</span> []  -&gt; x | (Prims<span class="kw">.</span>Cons hd tl)  -&gt; f hd (fold_right_gtot tl f x)</code></pre></div>
-<p>[fold_right_gtot] is just like [fold_right], except <code>f</code> is a ghost function *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> fold_left2:Unidentified product: [f:(Unidentified product: [&#39;a] Unidentified product: [&#39;b] Unidentified product: [&#39;c] (Tot &#39;a))] Unidentified product: [accu:&#39;a] Unidentified product: [l1:(list &#39;b)] Unidentified product: [l2:(list &#39;c)] (Pure &#39;a ((requires (==(length l1, length l2)))) ((ensures ((<span class="kw">fun</span> _ -&gt; True)))) (decreases l1))</code></pre></div>
-<p>[fold_left2 f x [y1; y2; ...; yn] [z1; z2; ...; zn]] computes (f (... (f x y1 z1) y2 z2) ... yn zn). Requires, at type-checking time, [f] to be a pure total function, and the lists [y1; y2; ...; yn] and [z1; z2; ...; zn] to have the same lengths. Named as in: OCaml</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> List searching *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> mem:Unidentified product: [#a:eqtype] Unidentified product: [a] Unidentified product: [list a] (Tot <span class="dt">bool</span>)</code></pre></div>
-<p>[mem x l] returns [true] if, and only if, [x] appears as an element of [l]. Requires, at type-checking time, the type of elements of [l] to have decidable equality. Named as in: OCaml. See also: List.In in Coq, which is propositional.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Propositional membership (<span class="kw">as</span> <span class="kw">in</span> Coq). Does <span class="kw">not</span> require decidable
-equality. </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((memP (#a:Type) (x:a) (l:list a)):(Tot Type0)):<span class="kw">match</span> l <span class="kw">with</span> []  -&gt; False | (Prims<span class="kw">.</span>Cons y q)  -&gt; \/(==(x, y), memP x q)</code></pre></div>
-<p>[memP x l] holds if, and only if, [x] appears as an element of [l]. Similar to: List.In in Coq.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> contains:mem</code></pre></div>
-<p>[contains x l] returns [true] if, and only if, [x] appears as an element of [l]. Requires, at type-checking time, the type of elements of [l] to have decidable equality. It is equivalent to: [mem x l]. TODO: should we rather swap the order of arguments?</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> existsb:Unidentified product: [#a:Type] Unidentified product: [f:(Unidentified product: [a] (Tot <span class="dt">bool</span>))] Unidentified product: [list a] (Tot <span class="dt">bool</span>)</code></pre></div>
-<p>[existsb f l] returns [true] if, and only if, there exists some element [x] in [l] such that [f x] holds.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> find:Unidentified product: [#a:Type] Unidentified product: [f:(Unidentified product: [a] (Tot <span class="dt">bool</span>))] Unidentified product: [list a] (Tot (<span class="dt">option</span> (x:a:{f x})))</code></pre></div>
-<p>[find f l] returns [Some x] for some element [x] appearing in [l] such that [f x] holds, or [None] only if no such [x] exists.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Filtering elements <span class="kw">of</span> a list [l] through a Boolean pure total
-predicate [f] </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((mem_filter_spec (#a:Type) (f:(Unidentified product: [a] (Tot <span class="dt">bool</span>))) (m:list a) (u:<span class="dt">option</span> (x:<span class="dt">unit</span>:{hasEq a}))):(Tot Type0)):<span class="kw">match</span> u <span class="kw">with</span> None  -&gt; True | (Some z)  -&gt; forall x.{:pattern } ==&gt;(mem x m, f x)</code></pre></div>
-<p>We would like to have a postcondition for [filter f l] saying that, for any element [x] of [filter f l], [f x] holds. To this end, we need to use [mem] as defined above, which would require the underlying type [a] of list elements to have decidable equality. However, we would still like to define [filter] on all element types, even those that do not have decidable equality. Thus, we define our postcondition as [mem_filter_spec f m u] below, where [m] is the intended [filter f l] and [u] indicates whether [a] has decidable equality ([None] if not). Requires, at type-checking time, [f] to be a pure total function.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> filter:Unidentified product: [#a:Type] Unidentified product: [f:(Unidentified product: [a] (Tot <span class="dt">bool</span>))] Unidentified product: [l:list a] (Tot (m:list a:{forall u.{:pattern } mem_filter_spec f m u}))</code></pre></div>
-<p>[filter f l] returns [l] with all elements [x] such that [f x] does not hold removed. Requires, at type-checking time, [f] to be a pure total function. Named as in: OCaml, Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> mem_filter:#a:eqtype -&gt; f:(Unidentified product: [a] (Tot <span class="dt">bool</span>)) -&gt; l:list a -&gt; x:a -&gt; (Lemma ((requires (mem #a x (filter f l)))) ((ensures (f x))))</code></pre></div>
-<p>Postcondition on [filter f l] for types with decidable equality: for any element [x] of [filter f l], [f x] holds. Requires, at type-checking time, [f] to be a pure total function.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> mem_filter_forall:#a:eqtype -&gt; f:(Unidentified product: [a] (Tot <span class="dt">bool</span>)) -&gt; l:list a -&gt; (Lemma ((requires True)) ((ensures (forall x.{:pattern } ==&gt;(mem #a x (filter f l), f x)))) (Prims<span class="kw">.</span>Cons (SMTPat (filter f l)) (Prims<span class="kw">.</span>Nil )))</code></pre></div>
-<p>Postcondition on [filter f l] for types with decidable equality, stated with [forall]: for any element [x] of [filter f l], [f x] holds. Requires, at type-checking time, [f] to be a pure total function.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> for_all:Unidentified product: [(Unidentified product: [&#39;a] (Tot <span class="dt">bool</span>))] Unidentified product: [list &#39;a] (Tot <span class="dt">bool</span>)</code></pre></div>
-<p>[for_all f l] returns [true] if, and only if, for all elements [x] appearing in [l], [f x] holds. Requires, at type-checking time, [f] to be a pure total function. Named as in: OCaml. Similar to: List.forallb in Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((for_all_mem (#a:eqtype) (f:(Unidentified product: [a] (Tot <span class="dt">bool</span>))) (l:list a)):(Lemma (&lt;==&gt;(for_all f l, (forall x.{:pattern } ==&gt;(mem x l, f x)))))):<span class="kw">match</span> l <span class="kw">with</span> []  -&gt; () | (Prims<span class="kw">.</span>Cons _ q)  -&gt; for_all_mem f q</code></pre></div>
-<p>Specification for [for_all f l] vs. mem</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> collect:Unidentified product: [(Unidentified product: [&#39;a] (Tot (list &#39;b)))] Unidentified product: [list &#39;a] (Tot (list &#39;b))</code></pre></div>
-<p>[collect f l] applies [f] to each element of [l] and returns the concatenation of the results, in the order of the original elements of [l]. It is equivalent to [flatten (map f l)]. Requires, at type-checking time, [f] to be a pure total function. TODO: what is the difference with [concatMap]?</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> tryFind:Unidentified product: [(Unidentified product: [&#39;a] (Tot <span class="dt">bool</span>))] Unidentified product: [list &#39;a] (Tot (<span class="dt">option</span> &#39;a))</code></pre></div>
-<p>[tryFind f l] returns [Some x] for some element [x] appearing in [l] such that [f x] holds, or [None] only if no such [x] exists. Requires, at type-checking time, [f] to be a pure total function. Contrary to [find], [tryFind] provides no postcondition on its result.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> tryPick:Unidentified product: [(Unidentified product: [&#39;a] (Tot (<span class="dt">option</span> &#39;b)))] Unidentified product: [list &#39;a] (Tot (<span class="dt">option</span> &#39;b))</code></pre></div>
-<p>[tryPick f l] returns [y] for some element [x] appearing in [l] such that [f x = Some y] for some y, or [None] only if [f x = None] for all elements [x] of [l]. Requires, at type-checking time, [f] to be a pure total function.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> choose:Unidentified product: [(Unidentified product: [&#39;a] (Tot (<span class="dt">option</span> &#39;b)))] Unidentified product: [list &#39;a] (Tot (list &#39;b))</code></pre></div>
-<p>[choose f l] returns the list of [y] for all elements [x] appearing in [l] such that [f x = Some y] for some [y]. Requires, at type-checking time, [f] to be a pure total function.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> partition:Unidentified product: [f:(Unidentified product: [&#39;a] (Tot <span class="dt">bool</span>))] Unidentified product: [list &#39;a] (Tot <span class="co">(*(list &#39;a, list &#39;a)))</span></code></pre></div>
-<p>[partition f l] returns the pair of lists [(l1, l2)] where all elements [x] of [l] are in [l1] if [f x] holds, and in [l2] otherwise. Both [l1] and [l2] retain the original order of [l]. Requires, at type-checking time, [f] to be a pure total function.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> subset:Unidentified product: [#a:eqtype] Unidentified product: [list a] Unidentified product: [list a] (Tot <span class="dt">bool</span>)</code></pre></div>
-<p>[subset la lb] is true if and only if all the elements from [la] are also in [lb]. Requires, at type-checking time, the type of elements of [la] and [lb] to have decidable equality.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> noRepeats:Unidentified product: [#a:eqtype] Unidentified product: [list a] (Tot <span class="dt">bool</span>)</code></pre></div>
-<p>[noRepeats l] returns [true] if, and only if, no element of [l] appears in [l] more than once. Requires, at type-checking time, the type of elements of [la] and [lb] to have decidable equality.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> no_repeats_p:Unidentified product: [#a:Type] Unidentified product: [list a] (Tot prop)</code></pre></div>
-<p>[no_repeats_p l] valid if, and only if, no element of [l] appears in [l] more than once.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> List <span class="kw">of</span> tuples *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> assoc:Unidentified product: [#a:eqtype] Unidentified product: [#b:Type] Unidentified product: [a] Unidentified product: [list <span class="co">(*(a, b))] (Tot (option b))</span></code></pre></div>
-<p>[assoc x l] returns [Some y] where [(x, y)] is the first element of [l] whose first element is [x], or [None] only if no such element exists. Requires, at type-checking time, the type of [x] to have decidable equality. Named as in: OCaml.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> split:Unidentified product: [list <span class="co">(*(&#39;a, &#39;b))] (Tot (*(list &#39;a, list &#39;b)))</span></code></pre></div>
-<p>[split] takes a list of pairs [(x1, y1), ..., (xn, yn)] and returns the pair of lists ([x1, ..., xn], [y1, ..., yn]). Named as in: OCaml</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> unzip:split</code></pre></div>
-<p>[unzip] takes a list of pairs [(x1, y1), ..., (xn, yn)] and returns the pair of lists ([x1, ..., xn], [y1, ..., yn]). Named as in: Haskell</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> unzip3:Unidentified product: [list <span class="co">(*(*(&#39;a, &#39;b), &#39;c))] (Tot (*(*(list &#39;a, list &#39;b), list &#39;c)))</span></code></pre></div>
-<p>[unzip3] takes a list of triples [(x1, y1, z1), ..., (xn, yn, zn)] and returns the triple of lists ([x1, ..., xn], [y1, ..., yn], [z1, ..., zn]). Named as in: Haskell</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Splitting a list at some index *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((splitAt (#a:Type) (n:nat) (l:list a)):*(list a, list a)):<span class="kw">if</span> =(n, <span class="dv">0</span>) <span class="kw">then</span> (FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 (Prims<span class="kw">.</span>Nil ) l) <span class="kw">else</span> <span class="kw">match</span> l <span class="kw">with</span> []  -&gt; (FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 (Prims<span class="kw">.</span>Nil ) l) | (Prims<span class="kw">.</span>Cons x xs)  -&gt; <span class="kw">let</span>  (l1, l2) = splitAt (-(n, <span class="dv">1</span>)) xs <span class="kw">in</span> (FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 (Prims<span class="kw">.</span>Cons x l1) l2)</code></pre></div>
-<p>[splitAt] takes a natural number n and a list and returns a pair of the maximal prefix of l of size smaller than n and the rest of the list</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> unsnoc:Unidentified product: [#a:Type] Unidentified product: [l:l:list a:{&gt;(length l, <span class="dv">0</span>)}] (Tot <span class="co">(*(list a, a)))</span></code></pre></div>
-<p>[unsnoc] is an inverse of [snoc]. It splits a list into all-elements-except-last and last element.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> split3:Unidentified product: [#a:Type] Unidentified product: [l:list a] Unidentified product: [i:i:nat:{&lt;(i, length l)}] (Tot <span class="co">(*(*(list a, a), list a)))</span></code></pre></div>
-<p>[split3] splits a list into 3 parts. This allows easy access to the part of the list before and after the element, as well as the element itself.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Sorting (implemented <span class="kw">as</span> quicksort) *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> partition_length:Unidentified product: [f:(Unidentified product: [&#39;a] (Tot <span class="dt">bool</span>))] Unidentified product: [l:list &#39;a] (Lemma ((requires True)) ((ensures (=(+(length (fst (partition f l)), length (snd (partition f l))), length l)))))</code></pre></div>
-<p>[partition] splits a list [l] into two lists, the sum of whose lengths is the length of [l].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> bool_of_compare:Unidentified product: [#a:Type] Unidentified product: [(Unidentified product: [a] Unidentified product: [a] (Tot <span class="dt">int</span>))] Unidentified product: [a] Unidentified product: [a] (Tot <span class="dt">bool</span>)</code></pre></div>
-<p>[bool_of_compare] turns a comparison function into a strict order. More precisely, [bool_of_compare compare x y] returns true if, and only if, [compare x y] is positive. Inspired from OCaml, where polymorphic comparison using both the [compare] function and the (&gt;) infix operator are such that [compare x y] is positive if, and only if, x &gt; y. Requires, at type-checking time, [compare] to be a pure total function.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> compare_of_bool:Unidentified product: [#a:eqtype] Unidentified product: [(Unidentified product: [a] Unidentified product: [a] (Tot <span class="dt">bool</span>))] Unidentified product: [a] Unidentified product: [a] (Tot <span class="dt">int</span>)</code></pre></div>
-<p>[compare_of_bool] turns a strict order into a comparison function. More precisely, [compare_of_bool rel x y] returns a positive number if, and only if, x <code>rel</code> y holds. Inspired from OCaml, where polymorphic comparison using both the [compare] function and the (&gt;) infix operator are such that [compare x y] is positive if, and only if, x &gt; y. Requires, at type-checking time, [rel] to be a pure total function.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> sortWith:Unidentified product: [(Unidentified product: [&#39;a] Unidentified product: [&#39;a] (Tot <span class="dt">int</span>))] Unidentified product: [l:list &#39;a] (Tot (list &#39;a) (decreases (length l)))</code></pre></div>
-<p>[sortWith compare l] returns the list [l'] containing the elements of [l] sorted along the comparison function [compare], in such a way that if [compare x y &gt; 0], then [x] appears before [y] in [l']. Requires, at type-checking time, [compare] to be a pure total function.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> A l1 is a strict prefix <span class="kw">of</span> l2. </code></pre></div>
+comments at <a href="https://github.com/FStarLang/FStar/pull/1560">https://github.com/FStarLang/FStar/pull/1560</a></p>
+<h4>
+<a id="user-content-flatten" class="anchor" href="#flatten" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>flatten</h4>
+<p><code>flatten l</code>, where <code>l</code> is a list of lists, returns the list of the
+elements of the lists in <code>l</code>, preserving their order. Named as in:
+OCaml, Coq.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">flatten</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">flatten</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append</span> <span class="pl-en">hd</span> <span class="pl-c1">(</span><span class="pl-en">flatten</span> <span class="pl-en">tl</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-map" class="anchor" href="#map" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>map</h4>
+<p><code>map f l</code> applies <code>f</code> to each element of <code>l</code> and returns the list
+of results, in the order of the original elements in <code>l</code>. Requires, at
+type-checking time, <code>f</code> to be a pure total function. Named as in: OCaml, Coq, F#</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-mapi_init" class="anchor" href="#mapi_init" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mapi_init</h4>
+<p><code>mapi_init f n l</code> applies, for each <code>k</code>, <code>f (n+k)</code> to the <code>k</code>-th
+element of <code>l</code> and returns the list of results, in the order of the
+original elements in <code>l</code>. Requires, at type-checking time, <code>f</code> to be a
+pure total function.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mapi_init</span><span class="pl-c1">:</span> <span class="pl-c1">(int</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mapi_init</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">i</span> <span class="pl-en">hd</span><span class="pl-c1">)::(</span><span class="pl-en">mapi_init</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-mapi" class="anchor" href="#mapi" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mapi</h4>
+<p><code>mapi f l</code> applies, for each <code>k</code>, <code>f k</code> to the <code>k</code>-th element of
+<code>l</code> and returns the list of results, in the order of the original
+elements in <code>l</code>. Requires, at type-checking time, <code>f</code> to be a pure
+total function. Named as in: OCaml</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mapi</span><span class="pl-c1">:</span> <span class="pl-c1">(int</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mapi</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">mapi_init</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">0</span></pre></div>
+<h4>
+<a id="user-content-concatmap" class="anchor" href="#concatmap" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>concatMap</h4>
+<p><code>concatMap f l</code> applies <code>f</code> to each element of <code>l</code> and returns the
+concatenation of the results, in the order of the original elements of
+<code>l</code>. This is equivalent to <code>flatten (map f l)</code>. Requires, at
+type-checking time, <code>f</code> to be a pure total function.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">concatMap</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">concatMap</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">fa</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">a</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">ftl</span> <span class="pl-c1">=</span> <span class="pl-en">concatMap</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-k">in</span>
+    <span class="pl-en">append</span> <span class="pl-en">fa</span> <span class="pl-en">ftl</span></pre></div>
+<h4>
+<a id="user-content-fold_left" class="anchor" href="#fold_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>fold_left</h4>
+<p><code>fold_left f x </code>y1; y2; ...; yn`` computes (f (... (f x y1) y2)
+... yn). Requires, at type-checking time, <code>f</code> to be a pure total
+function. Named as in: OCaml, Coq.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fold_left</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'a</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold_left</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fold_left</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">hd</span><span class="pl-c1">)</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-fold_right" class="anchor" href="#fold_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>fold_right</h4>
+<p><code>fold_right f </code>x1; x2; ...; xn<code> y</code> computes (f x1 (f x2 (... (f xn
+y)) ... )). Requires, at type-checking time, <code>f</code> to be a pure total
+function. Named as in: OCaml, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fold_right</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold_right</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-c1">(</span><span class="pl-en">fold_right</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-fold_right_gtot" class="anchor" href="#fold_right_gtot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>fold_right_gtot</h4>
+<p><a href="#fold_right_gtot"><code>fold_right_gtot</code></a> is just like <a href="#fold_right"><code>fold_right</code></a>, except <code>f</code> is
+a ghost function *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold_right_gtot</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">b</span>
+  <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-c1">(</span><span class="pl-en">fold_right_gtot</span> <span class="pl-en">tl</span> <span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<p>We define map in terms of fold, to share simple lemmas</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">map_gtot</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">fold_right_gtot</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-c1">[]</span></pre></div>
+<h4>
+<a id="user-content-fold_left2" class="anchor" href="#fold_left2" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>fold_left2</h4>
+<p><code>fold_left2 f x </code>y1; y2; ...; yn<code> </code>z1; z2; ...; zn`` computes (f
+(... (f x y1 z1) y2 z2) ... yn zn). Requires, at type-checking time,
+<code>f</code> to be a pure total function, and the lists `y1; y2; ...; yn` and
+`z1; z2; ...; zn` to have the same lengths. Named as in: OCaml</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fold_left2</span> <span class="pl-c1">:</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">accu</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l1</span><span class="pl-c1">:(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:(</span><span class="pl-en">list</span> <span class="pl-smi">'c</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Pure</span> <span class="pl-smi">'a</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold_left2</span> <span class="pl-en">f</span> <span class="pl-en">accu</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">([],</span> <span class="pl-c1">[])</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">accu</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">a1</span><span class="pl-c1">::</span><span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">a2</span><span class="pl-c1">::</span><span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fold_left2</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">accu</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span></pre></div>
+<p>Propositional membership (as in Coq). Does not require decidable
+equality.</p>
+<h4>
+<a id="user-content-memp" class="anchor" href="#memp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>memP</h4>
+<p><code>memP x l</code> holds if, and only if, <code>x</code> appears as an
+element of <code>l</code>. Similar to: List.In in Coq.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">memP</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">False</span>
+  <span class="pl-c1">|</span> <span class="pl-en">y</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span> <span class="pl-c1">\/</span> <span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">q</span></pre></div>
+<p>List searching *</p>
+<h4>
+<a id="user-content-mem" class="anchor" href="#mem" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mem</h4>
+<p><code>mem x l</code> returns <code>true</code> if, and only if, <code>x</code> appears as an
+element of <code>l</code>. Requires, at type-checking time, the type of elements
+of <code>l</code> to have decidable equality. Named as in: OCaml. See also:
+List.In in Coq, which is propositional.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mem</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">hd</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-k">then</span> <span class="pl-c1">true</span> <span class="pl-k">else</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-contains" class="anchor" href="#contains" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>contains</h4>
+<p><code>contains x l</code> returns <code>true</code> if, and only if, <code>x</code> appears as an
+element of <code>l</code>. Requires, at type-checking time, the type of elements
+of <code>l</code> to have decidable equality. It is equivalent to: `mem x
+l]. TODO: should we rather swap the order of arguments?</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">contains</span> <span class="pl-c1">=</span> <span class="pl-en">mem</span></pre></div>
+<h4>
+<a id="user-content-existsb" class="anchor" href="#existsb" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>existsb</h4>
+<p><code>existsb f l</code> returns <code>true</code> if, and only if, there exists some
+element <code>x</code> in <code>l</code> such that <code>f x</code> holds.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">existsb</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+       <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span>
+       <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">a</span>
+       <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">existsb</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+ <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span>
+ <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">then</span> <span class="pl-c1">true</span> <span class="pl-k">else</span> <span class="pl-en">existsb</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-find" class="anchor" href="#find" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>find</h4>
+<p><code>find f l</code> returns <code>Some x</code> for some element <code>x</code> appearing in <code>l</code>
+such that <code>f x</code> holds, or <code>None</code> only if no such <code>x</code> exists.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">find</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+        <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span>
+        <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">a</span>
+        <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">}))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">find</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span> <span class="pl-c1">#(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">})</span> <span class="pl-c">//These type annotations are only present because it makes bootstrapping go much faster</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-c1">#(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">})</span> <span class="pl-en">hd</span> <span class="pl-k">else</span> <span class="pl-en">find</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<p>Filtering elements of a list <code>l</code> through a Boolean pure total
+predicate <code>f</code></p>
+<h4>
+<a id="user-content-filter" class="anchor" href="#filter" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>filter</h4>
+<p><code>filter f l</code> returns <code>l</code> with all elements <code>x</code> such that <code>f x</code>
+does not hold removed. Requires, at type-checking time, <code>f</code> to be a
+pure total function.  Named as in: OCaml, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">filter</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">m</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">filter</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">then</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">filter</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-k">else</span> <span class="pl-en">filter</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-mem_filter" class="anchor" href="#mem_filter" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mem_filter</h4>
+<p>Postcondition on <code>filter f l</code>: for any element <code>x</code> of <code>filter f l</code>,
+<code>f x</code> holds. Requires, at type-checking time, <code>f</code> to be a pure total
+function.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_filter</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">filter</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">mem_filter</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-mem_filter_forall" class="anchor" href="#mem_filter_forall" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mem_filter_forall</h4>
+<p>Postcondition on <code>filter f l</code>: stated with <code>forall</code>: for any element
+<code>x</code> of <code>filter f l</code>, <code>f x</code> holds. Requires, at type-checking time, <code>f</code>
+to be a pure total function.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_filter_forall</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span> <span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">filter</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">filter</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">mem_filter_forall</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Classical.</span><span class="pl-en">ghost_lemma</span> <span class="pl-c1">(</span><span class="pl-en">mem_filter</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-for_all" class="anchor" href="#for_all" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>for_all</h4>
+<p><code>for_all f l</code> returns <code>true</code> if, and only if, for all elements <code>x</code>
+appearing in <code>l</code>, <code>f x</code> holds. Requires, at type-checking time, <code>f</code> to
+be a pure total function. Named as in: OCaml. Similar to: List.forallb
+in Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">for_all</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">for_all</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">then</span> <span class="pl-en">for_all</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-k">else</span> <span class="pl-c1">false</span></pre></div>
+<h4>
+<a id="user-content-for_all_mem" class="anchor" href="#for_all_mem" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>for_all_mem</h4>
+<p>Specification for <code>for_all f l</code> vs. mem</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">for_all_mem</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool))</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">for_all</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span> <span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">for_all_mem</span> <span class="pl-en">f</span> <span class="pl-en">q</span></pre></div>
+<h4>
+<a id="user-content-collect" class="anchor" href="#collect" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>collect</h4>
+<p><code>collect f l</code> applies <code>f</code> to each element of <code>l</code> and returns the
+concatenation of the results, in the order of the original elements of
+<code>l</code>. It is equivalent to <code>flatten (map f l)</code>. Requires, at
+type-checking time, <code>f</code> to be a pure total function. TODO: what is
+the difference with <a href="#concatMap"><code>concatMap</code></a>?</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">hd</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">tl</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-tryfind" class="anchor" href="#tryfind" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tryFind</h4>
+<p><code>tryFind f l</code> returns <code>Some x</code> for some element <code>x</code> appearing in
+<code>l</code> such that <code>f x</code> holds, or <code>None</code> only if no such <code>x</code>
+exists. Requires, at type-checking time, <code>f</code> to be a pure total
+function. Contrary to <a href="#find"><code>find</code></a>, <a href="#tryFind"><code>tryFind</code></a> provides no postcondition on
+its result.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tryFind</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">tryFind</span> <span class="pl-en">p</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">p</span> <span class="pl-en">hd</span> <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-en">hd</span> <span class="pl-k">else</span> <span class="pl-en">tryFind</span> <span class="pl-en">p</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-trypick" class="anchor" href="#trypick" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tryPick</h4>
+<p><code>tryPick f l</code> returns <code>y</code> for some element <code>x</code> appearing in <code>l</code>
+such that <code>f x = Some y</code> for some y, or <code>None</code> only if <code>f x = None</code>
+for all elements <code>x</code> of <code>l</code>. Requires, at type-checking time, <code>f</code> to
+be a pure total function.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tryPick</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">tryPick</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">with</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tryPick</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-choose" class="anchor" href="#choose" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>choose</h4>
+<p><code>choose f l</code> returns the list of <code>y</code> for all elements <code>x</code>
+appearing in <code>l</code> such that <code>f x = Some y</code> for some <code>y</code>. Requires, at
+type-checking time, <code>f</code> to be a pure total function.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">choose</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">choose</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">with</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">::(</span><span class="pl-en">choose</span> <span class="pl-en">f</span> <span class="pl-en">tl</span><span class="pl-c1">)</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">choose</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-partition" class="anchor" href="#partition" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>partition</h4>
+<p><code>partition f l</code> returns the pair of lists <code>(l1, l2)</code> where all
+elements <code>x</code> of <code>l</code> are in <code>l1</code> if <code>f x</code> holds, and in <code>l2</code>
+otherwise. Both <code>l1</code> and <code>l2</code> retain the original order of
+<code>l</code>. Requires, at type-checking time, <code>f</code> to be a pure total
+function.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">partition</span><span class="pl-c1">:</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> * <span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">partition</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[],</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+     <span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">partition</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-k">in</span>
+     <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-en">hd</span>
+     <span class="pl-k">then</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span>
+     <span class="pl-k">else</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">l2</span></pre></div>
+<h4>
+<a id="user-content-subset" class="anchor" href="#subset" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>subset</h4>
+<p><code>subset la lb</code> is true if and only if all the elements from <code>la</code>
+are also in <code>lb</code>. Requires, at type-checking time, the type of
+elements of <code>la</code> and <code>lb</code> to have decidable equality.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">subset</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">subset</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">la</span> <span class="pl-en">lb</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">la</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+  <span class="pl-c1">|</span> <span class="pl-en">h</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>  <span class="pl-en">mem</span> <span class="pl-en">h</span> <span class="pl-en">lb</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">subset</span> <span class="pl-en">tl</span> <span class="pl-en">lb</span></pre></div>
+<h4>
+<a id="user-content-norepeats" class="anchor" href="#norepeats" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>noRepeats</h4>
+<p><code>noRepeats l</code> returns <code>true</code> if, and only if, no element of <code>l</code>
+appears in <code>l</code> more than once. Requires, at type-checking time, the
+type of elements of <code>la</code> and <code>lb</code> to have decidable equality.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">noRepeats</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">noRepeats</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">la</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">la</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+  <span class="pl-c1">|</span> <span class="pl-en">h</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">not</span><span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">h</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">noRepeats</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-no_repeats_p" class="anchor" href="#no_repeats_p" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>no_repeats_p</h4>
+<p><code>no_repeats_p l</code> valid if, and only if, no element of <code>l</code>
+appears in <code>l</code> more than once.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">no_repeats_p</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">prop</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">no_repeats_p</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">la</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">la</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span>
+  <span class="pl-c1">|</span> <span class="pl-en">h</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">~(</span><span class="pl-en">memP</span> <span class="pl-en">h</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">no_repeats_p</span> <span class="pl-en">tl</span></pre></div>
+<p>List of tuples *</p>
+<h4>
+<a id="user-content-assoc" class="anchor" href="#assoc" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>assoc</h4>
+<p><code>assoc x l</code> returns <code>Some y</code> where <code>(x, y)</code> is the first element
+of <code>l</code> whose first element is <code>x</code>, or <code>None</code> only if no such element
+exists. Requires, at type-checking time, the type of <code>x</code> to have
+decidable equality. Named as in: OCaml.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">assoc</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">assoc</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">x'</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">x</span><span class="pl-c1">=</span><span class="pl-en">x'</span> <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-en">y</span> <span class="pl-k">else</span> <span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-split" class="anchor" href="#split" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>split</h4>
+<p><a href="#split"><code>split</code></a> takes a list of pairs <code>(x1, y1), ..., (xn, yn)</code> and
+returns the pair of lists (<code>x1, ..., xn</code>, <code>y1, ..., yn</code>). Named as in:
+OCaml</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">split</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> * <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> * <span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">split</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">([],[])</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">hd1</span><span class="pl-c1">,</span><span class="pl-en">hd2</span><span class="pl-c1">)::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">tl1</span><span class="pl-c1">,</span><span class="pl-en">tl2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">split</span> <span class="pl-en">tl</span> <span class="pl-k">in</span>
+       <span class="pl-c1">(</span><span class="pl-en">hd1</span><span class="pl-c1">::</span><span class="pl-en">tl1</span><span class="pl-c1">,</span><span class="pl-en">hd2</span><span class="pl-c1">::</span><span class="pl-en">tl2</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-unzip" class="anchor" href="#unzip" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>unzip</h4>
+<p><a href="#unzip"><code>unzip</code></a> takes a list of pairs <code>(x1, y1), ..., (xn, yn)</code> and
+returns the pair of lists (<code>x1, ..., xn</code>, <code>y1, ..., yn</code>). Named as in:
+Haskell</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">unzip</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">split</span> <span class="pl-en">l</span></pre></div>
+<h4>
+<a id="user-content-unzip3" class="anchor" href="#unzip3" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>unzip3</h4>
+<p><a href="#unzip3"><code>unzip3</code></a> takes a list of triples <code>(x1, y1, z1), ..., (xn, yn, zn)</code>
+and returns the triple of lists (<code>x1, ..., xn</code>, <code>y1, ..., yn</code>, `z1,
+..., zn]). Named as in: Haskell</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unzip3</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> * <span class="pl-smi">'b</span> * <span class="pl-smi">'c</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> * <span class="pl-en">list</span> <span class="pl-smi">'b</span> * <span class="pl-en">list</span> <span class="pl-smi">'c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">unzip3</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">([],[],[])</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">hd1</span><span class="pl-c1">,</span><span class="pl-en">hd2</span><span class="pl-c1">,</span><span class="pl-en">hd3</span><span class="pl-c1">)::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">tl1</span><span class="pl-c1">,</span><span class="pl-en">tl2</span><span class="pl-c1">,</span><span class="pl-en">tl3</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">unzip3</span> <span class="pl-en">tl</span> <span class="pl-k">in</span>
+       <span class="pl-c1">(</span><span class="pl-en">hd1</span><span class="pl-c1">::</span><span class="pl-en">tl1</span><span class="pl-c1">,</span><span class="pl-en">hd2</span><span class="pl-c1">::</span><span class="pl-en">tl2</span><span class="pl-c1">,</span><span class="pl-en">hd3</span><span class="pl-c1">::</span><span class="pl-en">tl3</span><span class="pl-c1">)</span></pre></div>
+<p>Splitting a list at some index *</p>
+<h4>
+<a id="user-content-splitat" class="anchor" href="#splitat" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>splitAt</h4>
+<p><a href="#splitAt"><code>splitAt</code></a> takes a natural number n and a list and returns a pair
+of the maximal prefix of l of size smaller than n and the rest of
+the list</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">splitAt</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">a</span> * <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">[],</span> <span class="pl-en">l</span>
+  <span class="pl-k">else</span>
+    <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[],</span> <span class="pl-en">l</span>
+    <span class="pl-c1">|</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">xs</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">xs</span> <span class="pl-k">in</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_splitAt_snd_length</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">n</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-c1">(</span><span class="pl-en">splitAt</span> <span class="pl-en">n</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">-</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">n</span><span class="pl-c1">,</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">::</span> <span class="pl-en">l'</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_splitAt_snd_length</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">l'</span></pre></div>
+<h4>
+<a id="user-content-unsnoc" class="anchor" href="#unsnoc" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>unsnoc</h4>
+<p><a href="#unsnoc"><code>unsnoc</code></a> is an inverse of <a href="#snoc"><code>snoc</code></a>. It splits a list into
+all-elements-except-last and last element.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unsnoc</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">l</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">a</span> * <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">unsnoc</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">l</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_splitAt_snd_length</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">hd</span> <span class="pl-en">l2</span></pre></div>
+<h4>
+<a id="user-content-split3" class="anchor" href="#split3" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>split3</h4>
+<p><a href="#split3"><code>split3</code></a> splits a list into 3 parts. This allows easy access to
+the part of the list before and after the element, as well as the
+element itself.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">split3</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">a</span> * <span class="pl-en">a</span> * <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">split3</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">l</span> <span class="pl-en">i</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">a</span><span class="pl-c1">,</span> <span class="pl-en">as</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-en">i</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_splitAt_snd_length</span> <span class="pl-en">i</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">::</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">as</span> <span class="pl-k">in</span>
+  <span class="pl-en">a</span><span class="pl-c1">,</span> <span class="pl-en">b</span><span class="pl-c1">,</span> <span class="pl-en">c</span></pre></div>
+<p>Sorting (implemented as quicksort) *</p>
+<h4>
+<a id="user-content-partition_length" class="anchor" href="#partition_length" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>partition_length</h4>
+<p><a href="#partition"><code>partition</code></a> splits a list <code>l</code> into two lists, the sum of whose
+lengths is the length of <code>l</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">partition_length</span><span class="pl-c1">:</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span>
+                    <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span>
+                    <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+                            <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">partition</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+                                      <span class="pl-c1">+</span> <span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-c1">(</span><span class="pl-en">partition</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">partition_length</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">partition_length</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-bool_of_compare" class="anchor" href="#bool_of_compare" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bool_of_compare</h4>
+<p><a href="#bool_of_compare"><code>bool_of_compare</code></a> turns a comparison function into a strict
+order. More precisely, <code>bool_of_compare compare x y</code> returns true
+if, and only if, <code>compare x y</code> is negative, meaning <code>x</code> precedes
+<code>y</code> in the ordering defined by compare.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bool_of_compare</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-en">bool_of_compare</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span> &lt; <span class="pl-c1">0</span></pre></div>
+<p>This is used in sorting, and is defined to be consistent with
+OCaml and F#, where sorting is performed in ascending order.</p>
+<h4>
+<a id="user-content-compare_of_bool" class="anchor" href="#compare_of_bool" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>compare_of_bool</h4>
+<p><a href="#compare_of_bool"><code>compare_of_bool</code></a> turns a strict order into a comparison
+function. More precisely, <code>compare_of_bool rel x y</code> returns a positive
+number if, and only if, x <code>rel</code> y holds. Inspired from OCaml, where
+polymorphic comparison using both the <code>compare</code> function and the (&gt;)
+infix operator are such that <code>compare x y</code> is positive if, and only
+if, x &gt; y. Requires, at type-checking time, <code>rel</code> to be a pure total
+function.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">compare_of_bool</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int</span>
+<span class="pl-k">let</span> <span class="pl-en">compare_of_bool</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span>
+    <span class="pl-k">if</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">rel</span><span class="pl-c1">`</span> <span class="pl-en">y</span>  <span class="pl-k">then</span> <span class="pl-c1">-</span><span class="pl-c1">1</span>
+    <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">y</span> <span class="pl-k">then</span> <span class="pl-c1">0</span>
+    <span class="pl-k">else</span> <span class="pl-c1">1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">compare_of_bool_of_compare</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">bool_of_compare</span> <span class="pl-c1">(</span><span class="pl-en">compare_of_bool</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-sortwith" class="anchor" href="#sortwith" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sortWith</h4>
+<p><code>sortWith compare l</code> returns the list <code>l'</code> containing the elements
+of <code>l</code> sorted along the comparison function <code>compare</code>, in such a
+way that if <code>compare x y &gt; 0</code>, then <code>x</code> appears before <code>y</code> in
+<code>l'</code>. Sorts in ascending order</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sortWith</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">pivot</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+     <span class="pl-k">let</span> <span class="pl-en">hi</span><span class="pl-c1">,</span> <span class="pl-en">lo</span> <span class="pl-c1">=</span> <span class="pl-en">partition</span> <span class="pl-c1">(</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span> <span class="pl-en">pivot</span><span class="pl-c1">)</span> <span class="pl-en">tl</span> <span class="pl-k">in</span>
+     <span class="pl-en">partition_length</span> <span class="pl-c1">(</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span> <span class="pl-en">pivot</span><span class="pl-c1">)</span> <span class="pl-en">tl</span><span class="pl-c1">;</span>
+     <span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">lo</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pivot</span><span class="pl-c1">::</span><span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">hi</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-strict_suffix_of" class="anchor" href="#strict_suffix_of" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>strict_suffix_of</h4>
+<p>A l1 is a strict suffix of l2.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">strict_suffix_of</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">False</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">q</span> <span class="pl-c1">\/</span> <span class="pl-en">l1</span> <span class="pl-c1">`</span><span class="pl-en">strict_suffix_of</span><span class="pl-c1">`</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>This function was misnamed: Please use 'strict_suffix_of'<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">strict_prefix_of</span> <span class="pl-c1">=</span> <span class="pl-en">strict_suffix_of</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">list_unref</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">})</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">list_unref</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-en">l</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">list_unref</span> <span class="pl-en">xs</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">list_refb</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">{</span> <span class="pl-en">for_all</span> <span class="pl-en">p</span> <span class="pl-en">l</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">l'</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">})</span> <span class="pl-c1">{</span>
+    <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l'</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">i</span><span class="pl-c1">.</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">}</span> <span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-en">l'</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">list_refb</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-en">l</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">list_refb</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-en">tl</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">list_ref</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">{</span>
+  <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-c1">{:pattern</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l</span><span class="pl-c1">}</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">x</span>
+<span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">l'</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">})</span> <span class="pl-c1">{</span>
+    <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l'</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">i</span><span class="pl-c1">.</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">}</span> <span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-en">l'</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">list_ref</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-en">l</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">hd</span> <span class="pl-en">l</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">hd</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-c1">{:pattern</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">tl</span><span class="pl-c1">}</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">tl</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l</span><span class="pl-c1">);</span>
+      <span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">list_ref</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-en">tl</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.List.Tot.Properties.html b/docs/FStar.List.Tot.Properties.html
index 8324441..7543af3 100644
--- a/docs/FStar.List.Tot.Properties.html
+++ b/docs/FStar.List.Tot.Properties.html
@@ -1,129 +1,1013 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.List.Tot.Properties</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.list.tot.properties">module FStar.List.Tot.Properties</h1>
-<p>Properties of pure total operations on lists</p>
-<p>This module states and proves some properties about pure and total operations on lists.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (llist a (n:nat)):l:list a:{=(length l, n)}</code></pre></div>
+<h1>
+<a id="user-content-fstarlisttotproperties" class="anchor" href="#fstarlisttotproperties" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.List.Tot.Properties</h1>
+<ul>
+<li>Opens module <a href="FStar.List.Tot.Base.html">FStar.List.Tot.Base</a>
+This module states and proves some properties about pure and total
+operations on lists.</li>
+</ul>
+<p>@summary Properties of pure total operations on lists</p>
+<h4>
+<a id="user-content-llist" class="anchor" href="#llist" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>llist</h4>
 <p>A list indexed by its length *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties about mem *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> mem_empty:Unidentified product: [#a:eqtype] Unidentified product: [x:a] (Lemma ((requires (mem x (Prims<span class="kw">.</span>Nil )))) ((ensures False)))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">llist</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">}</span></pre></div>
+<p>Properties about mem *</p>
+<h4>
+<a id="user-content-mem_empty" class="anchor" href="#mem_empty" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mem_empty</h4>
 <p>The empty list has no elements</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> mem_existsb:Unidentified product: [#a:eqtype] Unidentified product: [f:(Unidentified product: [a] (Tot <span class="dt">bool</span>))] Unidentified product: [xs:list a] (Lemma ((ensures (&lt;==&gt;(existsb f xs, (exists x:a.{:pattern } (/\(=(f x, <span class="kw">true</span>), mem x xs))))))))</code></pre></div>
-<p>Full specification for [existsb]: [existsb f xs] holds if, and only if, there exists an element [x] of [xs] such that [f x] holds.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties about rev *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> rev_mem:Unidentified product: [#a:eqtype] Unidentified product: [l:list a] Unidentified product: [x:a] (Lemma ((requires True)) ((ensures (&lt;==&gt;(mem x (rev l), mem x l)))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_empty</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">[]))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">False</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mem_empty</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-mem_existsb" class="anchor" href="#mem_existsb" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mem_existsb</h4>
+<p>Full specification for <code>existsb</code>: <code>existsb f xs</code> holds if, and
+only if, there exists an element <code>x</code> of <code>xs</code> such that <code>f x</code> holds.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_existsb</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span><span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">existsb</span> <span class="pl-en">f</span> <span class="pl-en">xs</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span> <span class="pl-c1">/\</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">xs</span><span class="pl-c1">))))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mem_existsb</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">xs</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">xs</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mem_existsb</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mem_count</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">l</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x'</span> <span class="pl-c1">::</span> <span class="pl-en">l'</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mem_count</span> <span class="pl-en">l'</span> <span class="pl-en">x</span></pre></div>
+<p>Properties about rev *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev_acc_length</span> <span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">acc</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">rev_acc</span> <span class="pl-en">l</span> <span class="pl-en">acc</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">+</span> <span class="pl-en">length</span> <span class="pl-en">acc</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">rev_acc_length</span> <span class="pl-en">l</span> <span class="pl-en">acc</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rev_acc_length</span> <span class="pl-en">tl</span> <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">acc</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev_length</span> <span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">rev</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">rev_length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">rev_acc_length</span> <span class="pl-en">l</span> <span class="pl-c1">[]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev_acc_mem</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">acc</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">rev_acc</span> <span class="pl-en">l</span> <span class="pl-en">acc</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">\/</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">acc</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">rev_acc_mem</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">l</span> <span class="pl-en">acc</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rev_acc_mem</span> <span class="pl-en">tl</span> <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">acc</span><span class="pl-c1">)</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-rev_mem" class="anchor" href="#rev_mem" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>rev_mem</h4>
 <p>A list and its reversed have the same elements</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties about append *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_append_last (#a:Type) (l1:list a) (l2:list a)):(Lemma ((requires (&gt;(length l2, <span class="dv">0</span>)))) ((ensures (==(last (@(l1, l2)), last l2)))))):<span class="kw">match</span> l1 <span class="kw">with</span> []  -&gt; () | (Prims<span class="kw">.</span>Cons _ l1&#39;)  -&gt; lemma_append_last l1&#39; l2</code></pre></div>
-<p>The [last] element of a list remains the same, even after that list is [append]ed to another list.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties mixing rev <span class="kw">and</span> append *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties about snoc </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Reverse induction principle *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties about iterators *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties about unsnoc </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> lemma_unsnoc_snoc:Unidentified product: [#a:Type] Unidentified product: [l:l:list a:{&gt;(length l, <span class="dv">0</span>)}] (Lemma ((requires True)) ((ensures (==(snoc (unsnoc l), l)))) (Prims<span class="kw">.</span>Cons (SMTPat (snoc (unsnoc l))) (Prims<span class="kw">.</span>Nil )))</code></pre></div>
-<p>[unsnoc] is the inverse of [snoc]</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> lemma_snoc_unsnoc:Unidentified product: [#a:Type] Unidentified product: [lx:<span class="co">(*(list a, a))] (Lemma ((requires True)) ((ensures (==(unsnoc (snoc lx), lx)))) (decreases (length (fst (lx)))) (Prims.Cons (SMTPat (unsnoc (snoc lx))) (Prims.Nil )))</span></code></pre></div>
-<p>[snoc] is the inverse of [unsnoc]</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> lemma_unsnoc_length:Unidentified product: [#a:Type] Unidentified product: [l:l:list a:{&gt;(length l, <span class="dv">0</span>)}] (Lemma ((requires True)) ((ensures (==(length (fst (unsnoc l)), -(length l, <span class="dv">1</span>))))))</code></pre></div>
-<p>Doing an [unsnoc] gives us a list that is shorter in length by 1</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_unsnoc_append (#a:Type) (l1:list a) (l2:list a)):(Lemma ((requires (&gt;(length l2, <span class="dv">0</span>)))) ((ensures (<span class="kw">let</span>  (<span class="kw">as</span>, a) = unsnoc (@(l1, l2)) <span class="kw">in</span> <span class="kw">let</span>  (bs, b) = unsnoc l2 <span class="kw">in</span> /\(==(<span class="kw">as</span>, @(l1, bs)), ==(a, b))))))):<span class="kw">match</span> l1 <span class="kw">with</span> []  -&gt; () | (Prims<span class="kw">.</span>Cons _ l1&#39;)  -&gt; lemma_unsnoc_append l1&#39; l2</code></pre></div>
-<p>[unsnoc] followed by [append] can be connected to the same vice-versa.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_unsnoc_is_last (#t:Type) (l:list t)):(Lemma ((requires (&gt;(length l, <span class="dv">0</span>)))) ((ensures (/\(==(snd (unsnoc l), last l), ==(snd (unsnoc l), index l (-(length l, <span class="dv">1</span>))))))))):<span class="kw">match</span> l <span class="kw">with</span> [_]  -&gt; () | _  -&gt; lemma_unsnoc_is_last (tl l)</code></pre></div>
-<p>[unsnoc] gives you [last] element, which is [index]ed at [length l - 1]</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_unsnoc_index (#t:Type) (l:list t) (i:nat)):(Lemma ((requires (/\(&gt;(length l, <span class="dv">0</span>), &lt;(i, -(length l, <span class="dv">1</span>)))))) ((ensures (/\(&lt;(i, length (fst (unsnoc l))), ==(index (fst (unsnoc l)) i, index l i))))))):<span class="kw">match</span> i <span class="kw">with</span> <span class="dv">0</span>  -&gt; () | _  -&gt; lemma_unsnoc_index (tl l) (-(i, <span class="dv">1</span>))</code></pre></div>
-<p>[index]ing on the left part of an [unsnoc]d list is the same as indexing the original list.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Definition <span class="kw">and</span> properties about [split_using] </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((split_using (#t:Type) (l:list t) (x:x:t:{memP x l})):(GTot (r:<span class="co">(*(list t, list t))))):match l with [_]  -&gt; (FStar.Pervasives.Native.Mktuple2 (Prims.Nil ) l) | (Prims.Cons a as)  -&gt; if FStar.StrongExcludedMiddle.strong_excluded_middle (==(a, x)) then ((FStar.Pervasives.Native.Mktuple2 (Prims.Nil ) l)) else (let  (l1&#39;, l2&#39;) = split_using as x in (FStar.Pervasives.Native.Mktuple2 (Prims.Cons a l1&#39;) l2&#39;))</span></code></pre></div>
-<p>[split_using] splits a list at the first instance of finding an element in it.</p>
-<pre><code>NOTE: Uses [strong_excluded_middle] axiom. </code></pre>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Definition <span class="kw">of</span> [index_of] </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((index_of (#t:Type) (l:list t) (x:x:t:{memP x l})):(GTot (i:nat:{/\(&lt;(i, length l), ==(index l i, x))}))):<span class="kw">match</span> l <span class="kw">with</span> [_]  -&gt; <span class="dv">0</span> | (Prims<span class="kw">.</span>Cons a <span class="kw">as</span>)  -&gt; <span class="kw">if</span> FStar<span class="kw">.</span>StrongExcludedMiddle<span class="kw">.</span>strong_excluded_middle (==(a, x)) <span class="kw">then</span> (<span class="dv">0</span>) <span class="kw">else</span> (+(<span class="dv">1</span>, index_of <span class="kw">as</span> x))</code></pre></div>
-<p>[index_of l x] gives the index of the leftmost [x] in [l].</p>
-<pre><code>NOTE: Uses [strong_excluded_middle] axiom. </code></pre>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties about partition *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> partition_mem:Unidentified product: [#a:eqtype] Unidentified product: [f:(Unidentified product: [a] (Tot <span class="dt">bool</span>))] Unidentified product: [l:list a] Unidentified product: [x:a] (Lemma ((requires True)) ((ensures (<span class="kw">let</span>  (l1, l2) = partition f l <span class="kw">in</span> =(mem x l, (||(mem x l1, mem x l2)))))))</code></pre></div>
-<p>If [partition f l = (l1, l2)], then for any [x], [x] is in [l] if and only if [x] is in either one of [l1] or [l2]</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> partition_mem_forall:Unidentified product: [#a:eqtype] Unidentified product: [f:(Unidentified product: [a] (Tot <span class="dt">bool</span>))] Unidentified product: [l:list a] (Lemma ((requires True)) ((ensures (<span class="kw">let</span>  (l1, l2) = partition f l <span class="kw">in</span> (forall x.{:pattern } =(mem x l, (||(mem x l1, mem x l2))))))))</code></pre></div>
-<p>Same as [partition_mem], but using [forall]</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> partition_mem_p_forall:Unidentified product: [#a:eqtype] Unidentified product: [p:(Unidentified product: [a] (Tot <span class="dt">bool</span>))] Unidentified product: [l:list a] (Lemma ((requires True)) ((ensures (<span class="kw">let</span>  (l1, l2) = partition p l <span class="kw">in</span> /\((forall x.{:pattern } ==&gt;(mem x l1, p x)), (forall x.{:pattern } ==&gt;(mem x l2, <span class="kw">not</span> (p x))))))))</code></pre></div>
-<p>If [partition f l = (l1, l2)], then for any [x], if [x] is in [l1] (resp. [l2]), then [f x] holds (resp. does not hold)</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> partition_count:Unidentified product: [#a:eqtype] Unidentified product: [f:(Unidentified product: [a] (Tot <span class="dt">bool</span>))] Unidentified product: [l:list a] Unidentified product: [x:a] (Lemma ((requires True)) ((ensures (=(count x l, (+(count x (fst (partition f l)), count x (snd (partition f l)))))))))</code></pre></div>
-<p>If [partition f l = (l1, l2)], then the number of occurrences of any [x] in [l] is the same as the sum of the number of occurrences in [l1] and [l2].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> partition_count_forall:Unidentified product: [#a:eqtype] Unidentified product: [f:(Unidentified product: [a] (Tot <span class="dt">bool</span>))] Unidentified product: [l:list a] (Lemma ((requires True)) ((ensures (forall x.{:pattern } =(count x l, (+(count x (fst (partition f l)), count x (snd (partition f l)))))))))</code></pre></div>
-<p>Same as [partition_count], but using [forall]</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Correctness <span class="kw">of</span> quicksort *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> sortWith_permutation:Unidentified product: [#a:eqtype] Unidentified product: [f:(Unidentified product: [a] Unidentified product: [a] (Tot <span class="dt">int</span>))] Unidentified product: [l:list a] (Lemma ((requires True)) ((ensures (forall x.{:pattern } =(count x l, count x (sortWith f l))))) (decreases (length l)))</code></pre></div>
-<p>Correctness of [sortWith], part 1/2: the number of occurrences of any [x] in [sortWith f l] is the same as the number of occurrences in [l].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> sorted:Unidentified product: [(Unidentified product: [&#39;a] Unidentified product: [&#39;a] (Tot <span class="dt">bool</span>))] Unidentified product: [list &#39;a] (Tot <span class="dt">bool</span>)</code></pre></div>
-<p>[sorted f l] holds if, and only if, any two consecutive elements [x], [y] of [l] are such that [f x y] holds.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">typeabbrev </code></pre></div>
-<p>[f] is a total order if, and only if, it is reflexive, anti-symmetric, transitive and total.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> append_sorted:Unidentified product: [#a:eqtype] Unidentified product: [f:(Unidentified product: [a] Unidentified product: [a] (Tot <span class="dt">bool</span>))] Unidentified product: [l1:l1:list a:{sorted f l1}] Unidentified product: [l2:l2:list a:{sorted f l2}] Unidentified product: [pivot:a] (Lemma ((requires (/\(/\(total_order #a f, (forall y.{:pattern } ==&gt;(mem y l1, <span class="kw">not</span> (f pivot y)))), (forall y.{:pattern } ==&gt;(mem y l2, f pivot y)))))) ((ensures (sorted f (@(l1, ((Prims<span class="kw">.</span>Cons pivot l2))))))) (Prims<span class="kw">.</span>Cons (SMTPat (sorted f (@(l1, ((Prims<span class="kw">.</span>Cons pivot l2)))))) (Prims<span class="kw">.</span>Nil )))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev_mem</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">rev</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">rev_mem</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">l</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">rev_acc_mem</span> <span class="pl-en">l</span> <span class="pl-c1">[]</span> <span class="pl-en">x</span></pre></div>
+<p>Properties about append *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_nil_l</span><span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">([]</span>@<span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">append_nil_l</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_l_nil</span><span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">l</span>@<span class="pl-c1">[]</span> <span class="pl-c1">==</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">l</span>@<span class="pl-c1">[])]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_l_nil</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_l_nil</span> <span class="pl-en">tl</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_cons_l</span><span class="pl-c1">:</span> <span class="pl-en">hd</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tl</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(((</span><span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span><span class="pl-c1">)</span>@<span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">::(</span><span class="pl-en">tl</span>@<span class="pl-en">l</span><span class="pl-c1">))))</span>
+<span class="pl-k">let</span> <span class="pl-en">append_cons_l</span> <span class="pl-en">hd</span> <span class="pl-en">tl</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_l_cons</span><span class="pl-c1">:</span> <span class="pl-en">hd</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tl</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">l</span>@<span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span><span class="pl-c1">))</span> <span class="pl-c1">==</span> <span class="pl-c1">((</span><span class="pl-en">l</span>@<span class="pl-c1">[</span><span class="pl-en">hd</span><span class="pl-c1">])</span>@<span class="pl-en">tl</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_l_cons</span> <span class="pl-en">hd</span> <span class="pl-en">tl</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd'</span><span class="pl-c1">::</span><span class="pl-en">tl'</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_l_cons</span> <span class="pl-en">hd</span> <span class="pl-en">tl</span> <span class="pl-en">tl'</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_assoc</span><span class="pl-c1">:</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l3</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">l1</span>@<span class="pl-c1">(</span><span class="pl-en">l2</span>@<span class="pl-en">l3</span><span class="pl-c1">))</span> <span class="pl-c1">==</span> <span class="pl-c1">((</span><span class="pl-en">l1</span>@<span class="pl-en">l2</span><span class="pl-c1">)</span>@<span class="pl-en">l3</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_assoc</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-en">l3</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_assoc</span> <span class="pl-en">tl</span> <span class="pl-en">l2</span> <span class="pl-en">l3</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_length</span><span class="pl-c1">:</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">l1</span>@<span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l1</span> <span class="pl-c1">+</span> <span class="pl-en">length</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> @ <span class="pl-en">l2</span><span class="pl-c1">))]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_length</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_length</span> <span class="pl-en">tl</span> <span class="pl-en">l2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_mem</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">t</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span>  <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span>
+              <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span>
+              <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span>
+              <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+                       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">l1</span>@<span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">a</span> <span class="pl-en">l1</span> <span class="pl-c1">||</span> <span class="pl-en">mem</span> <span class="pl-en">a</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span></pre></div>
+<p><code>SMTPat (mem a (l1@l2))</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_mem</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_mem</span> <span class="pl-en">tl</span> <span class="pl-en">l2</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_mem_forall</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span>
+              <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span>
+              <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+                       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">l1</span>@<span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">a</span> <span class="pl-en">l1</span> <span class="pl-c1">||</span> <span class="pl-en">mem</span> <span class="pl-en">a</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_mem_forall</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_mem_forall</span> <span class="pl-en">tl</span> <span class="pl-en">l2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_count</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">t</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span>  <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span>
+              <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span>
+              <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span>
+              <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+                       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">l1</span>@<span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">a</span> <span class="pl-en">l1</span> <span class="pl-c1">+</span> <span class="pl-en">count</span> <span class="pl-en">a</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_count</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_count</span> <span class="pl-en">tl</span> <span class="pl-en">l2</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_count_forall</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span>  <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span>
+              <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span>
+              <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+                       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a</span><span class="pl-c1">.</span> <span class="pl-en">count</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">l1</span>@<span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">a</span> <span class="pl-en">l1</span> <span class="pl-c1">+</span> <span class="pl-en">count</span> <span class="pl-en">a</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span></pre></div>
+<p><code>SMTPat (l1@l2)</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_count_forall</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_count_forall</span> <span class="pl-en">tl</span> <span class="pl-en">l2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_eq_nil</span><span class="pl-c1">:</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">l1</span>@<span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-c1">[]))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-c1">[]</span> <span class="pl-c1">/\</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-c1">[]))</span>
+<span class="pl-k">let</span> <span class="pl-en">append_eq_nil</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_eq_singl</span><span class="pl-c1">:</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">l1</span>@<span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-c1">[</span><span class="pl-en">x</span><span class="pl-c1">]))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-c1">[</span><span class="pl-en">x</span><span class="pl-c1">]</span> <span class="pl-c1">/\</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-c1">[])</span> <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-c1">[]</span> <span class="pl-c1">/\</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-c1">[</span><span class="pl-en">x</span><span class="pl-c1">])))</span>
+<span class="pl-k">let</span> <span class="pl-en">append_eq_singl</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_inv_head</span><span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">l</span>@<span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">l</span>@<span class="pl-en">l2</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_inv_head</span> <span class="pl-en">l</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_inv_head</span> <span class="pl-en">tl</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_inv_tail</span><span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">l1</span>@<span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">l2</span>@<span class="pl-en">l</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_inv_tail</span> <span class="pl-en">l</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd1</span><span class="pl-c1">::</span><span class="pl-en">tl1</span><span class="pl-c1">,</span> <span class="pl-en">hd2</span><span class="pl-c1">::</span><span class="pl-en">tl2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_inv_tail</span> <span class="pl-en">l</span> <span class="pl-en">tl1</span> <span class="pl-en">tl2</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-en">hd2</span><span class="pl-c1">::</span><span class="pl-en">tl2</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+          <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_l_cons</span> <span class="pl-en">hd</span> <span class="pl-en">tl</span> <span class="pl-en">tl2</span><span class="pl-c1">;</span> <span class="pl-en">append_inv_tail</span> <span class="pl-en">tl</span> <span class="pl-c1">[]</span> <span class="pl-c1">(</span><span class="pl-en">tl2</span>@<span class="pl-c1">[</span><span class="pl-en">hd</span><span class="pl-c1">])</span></pre></div>
+<p>We can here apply the induction hypothesis thanks to termination on a lexicographical ordering of the arguments!</p>
+<div class="highlight highlight-source-fstar"><pre>   <span class="pl-c1">)</span>
+<span class="pl-c1">|</span> <span class="pl-en">hd1</span><span class="pl-c1">::</span><span class="pl-en">tl1</span><span class="pl-c1">,</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span>
+   <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+      <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_l_cons</span> <span class="pl-en">hd</span> <span class="pl-en">tl</span> <span class="pl-en">tl1</span><span class="pl-c1">;</span> <span class="pl-en">append_inv_tail</span> <span class="pl-en">tl</span> <span class="pl-c1">(</span><span class="pl-en">tl1</span>@<span class="pl-c1">[</span><span class="pl-en">hd</span><span class="pl-c1">])</span> <span class="pl-c1">[]</span></pre></div>
+<p>Idem</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_length_inv_head</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">left1</span> <span class="pl-en">right1</span> <span class="pl-en">left2</span> <span class="pl-en">right2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">left1</span> <span class="pl-en">right1</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">left2</span> <span class="pl-en">right2</span> <span class="pl-c1">/\</span> <span class="pl-en">length</span> <span class="pl-en">left1</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">left2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">left1</span> <span class="pl-c1">==</span> <span class="pl-en">left2</span> <span class="pl-c1">/\</span> <span class="pl-en">right1</span> <span class="pl-c1">==</span> <span class="pl-en">right2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">left1</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">left1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">::</span> <span class="pl-en">left1'</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">append_length_inv_head</span> <span class="pl-en">left1'</span> <span class="pl-en">right1</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">left2</span><span class="pl-c1">)</span> <span class="pl-en">right2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">append_length_inv_tail</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">left1</span> <span class="pl-en">right1</span> <span class="pl-en">left2</span> <span class="pl-en">right2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">left1</span> <span class="pl-en">right1</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">left2</span> <span class="pl-en">right2</span> <span class="pl-c1">/\</span> <span class="pl-en">length</span> <span class="pl-en">right1</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">right2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">left1</span> <span class="pl-c1">==</span> <span class="pl-en">left2</span> <span class="pl-c1">/\</span> <span class="pl-en">right1</span> <span class="pl-c1">==</span> <span class="pl-en">right2</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-en">append_length</span> <span class="pl-en">left1</span> <span class="pl-en">right1</span><span class="pl-c1">;</span>
+  <span class="pl-en">append_length</span> <span class="pl-en">left2</span> <span class="pl-en">right2</span><span class="pl-c1">;</span>
+  <span class="pl-en">append_length_inv_head</span> <span class="pl-en">left1</span> <span class="pl-en">right1</span> <span class="pl-en">left2</span> <span class="pl-en">right2</span></pre></div>
+<h4>
+<a id="user-content-lemma_append_last" class="anchor" href="#lemma_append_last" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_append_last</h4>
+<p>The <code>last</code> element of a list remains the same, even after that list is
+<code>append</code>ed to another list.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_append_last</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l2</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">last</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> @ <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">last</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">::</span> <span class="pl-en">l1'</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_append_last</span> <span class="pl-en">l1'</span> <span class="pl-en">l2</span></pre></div>
+<p>Properties mixing rev and append *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev'</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">rev'</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">tl</span><span class="pl-c1">)</span>@<span class="pl-c1">[</span><span class="pl-en">hd</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">rev'T</span> <span class="pl-c1">=</span> <span class="pl-en">rev'</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev_acc_rev'</span><span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">acc</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">True</span><span class="pl-c1">))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">rev_acc</span> <span class="pl-en">l</span> <span class="pl-en">acc</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">((</span><span class="pl-en">rev'</span> <span class="pl-en">l</span><span class="pl-c1">)</span>@<span class="pl-en">acc</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">rev_acc_rev'</span> <span class="pl-en">l</span> <span class="pl-en">acc</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rev_acc_rev'</span> <span class="pl-en">tl</span> <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">acc</span><span class="pl-c1">);</span> <span class="pl-en">append_l_cons</span> <span class="pl-en">hd</span> <span class="pl-en">acc</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">tl</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev_rev'</span><span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">rev</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-en">rev_rev'</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">rev_acc_rev'</span> <span class="pl-en">l</span> <span class="pl-c1">[];</span> <span class="pl-en">append_l_nil</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev'_append</span><span class="pl-c1">:</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">rev'</span> <span class="pl-c1">(</span><span class="pl-en">l1</span>@<span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-c1">==</span> <span class="pl-c1">((</span><span class="pl-en">rev'</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>@<span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">l1</span><span class="pl-c1">))))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">rev'_append</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_l_nil</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rev'_append</span> <span class="pl-en">tl</span> <span class="pl-en">l2</span><span class="pl-c1">;</span> <span class="pl-en">append_assoc</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-en">hd</span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev_append</span><span class="pl-c1">:</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">rev</span> <span class="pl-c1">(</span><span class="pl-en">l1</span>@<span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-c1">==</span> <span class="pl-c1">((</span><span class="pl-en">rev</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>@<span class="pl-c1">(</span><span class="pl-en">rev</span> <span class="pl-en">l1</span><span class="pl-c1">))))</span>
+<span class="pl-k">let</span> <span class="pl-en">rev_append</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">rev_rev'</span> <span class="pl-en">l1</span><span class="pl-c1">;</span> <span class="pl-en">rev_rev'</span> <span class="pl-en">l2</span><span class="pl-c1">;</span> <span class="pl-en">rev_rev'</span> <span class="pl-c1">(</span><span class="pl-en">l1</span>@<span class="pl-en">l2</span><span class="pl-c1">);</span> <span class="pl-en">rev'_append</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev'_involutive</span> <span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">rev'_involutive</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rev'_append</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-en">hd</span><span class="pl-c1">];</span> <span class="pl-en">rev'_involutive</span> <span class="pl-en">tl</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev_involutive</span> <span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">rev</span> <span class="pl-c1">(</span><span class="pl-en">rev</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">rev_involutive</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">rev_rev'</span> <span class="pl-en">l</span><span class="pl-c1">;</span> <span class="pl-en">rev_rev'</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">l</span><span class="pl-c1">);</span> <span class="pl-en">rev'_involutive</span> <span class="pl-en">l</span></pre></div>
+<p>Properties about snoc</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_snoc_length</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">lx</span><span class="pl-c1">:(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> * <span class="pl-smi">'a</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-en">lx</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">lx</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_snoc_length</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">,</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">append_length</span> <span class="pl-en">l</span> <span class="pl-c1">[</span><span class="pl-en">x</span><span class="pl-c1">]</span></pre></div>
+<p>Reverse induction principle *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev'_list_ind</span><span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">[])</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">hd</span> <span class="pl-en">tl</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span><span class="pl-c1">)))))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">rev'_list_ind</span> <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rev'_list_ind</span> <span class="pl-en">p</span> <span class="pl-en">tl</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rev_ind</span><span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">[])</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">hd</span> <span class="pl-en">tl</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">hd</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">hd</span>@<span class="pl-c1">[</span><span class="pl-en">tl</span><span class="pl-c1">]))))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">rev_ind</span> <span class="pl-en">p</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">rev'_involutive</span> <span class="pl-en">l</span><span class="pl-c1">;</span> <span class="pl-en">rev'_list_ind</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">rev'</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<p>Properties about iterators *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map_lemma</span><span class="pl-c1">:</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+             <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+             <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+                      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+                      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map_lemma</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">map_lemma</span> <span class="pl-en">f</span> <span class="pl-en">t</span></pre></div>
+<p>Properties about unsnoc</p>
+<h4>
+<a id="user-content-lemma_unsnoc_snoc" class="anchor" href="#lemma_unsnoc_snoc" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_unsnoc_snoc</h4>
+<p><code>unsnoc</code> is the inverse of <code>snoc</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_unsnoc_snoc</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">l</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">unsnoc</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">unsnoc</span> <span class="pl-en">l</span><span class="pl-c1">))]</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_unsnoc_snoc</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">l</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">l'</span><span class="pl-c1">,</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">unsnoc</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">l'</span><span class="pl-c1">,</span> <span class="pl-c1">[</span><span class="pl-en">x</span><span class="pl-c1">]</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_splitAt_snd_length</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">;</span></pre></div>
+<p>assert ((l1, l2) == splitAt (length l - 1) l);</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">aux</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">l</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+         <span class="pl-en">append</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span> <span class="pl-k">then</span> <span class="pl-c1">()</span> <span class="pl-k">else</span> <span class="pl-en">aux</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+<span class="pl-en">aux</span> <span class="pl-en">l</span></pre></div>
+<h4>
+<a id="user-content-lemma_snoc_unsnoc" class="anchor" href="#lemma_snoc_unsnoc" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_snoc_unsnoc</h4>
+<p><code>snoc</code> is the inverse of <code>unsnoc</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_snoc_unsnoc</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lx</span><span class="pl-c1">:(</span><span class="pl-en">list</span> <span class="pl-en">a</span> * <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">unsnoc</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-en">lx</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">lx</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">lx</span><span class="pl-c1">))))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">unsnoc</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-en">lx</span><span class="pl-c1">))]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_snoc_unsnoc</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">lx</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">l</span><span class="pl-c1">,</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">lx</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_snoc_unsnoc</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l</span><span class="pl-c1">,</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lemma_unsnoc_length" class="anchor" href="#lemma_unsnoc_length" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_unsnoc_length</h4>
+<p>Doing an <code>unsnoc</code> gives us a list that is shorter in length by 1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_unsnoc_length</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">l</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">unsnoc</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_unsnoc_length</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">l</span> <span class="pl-c1">=</span>
+  <span class="pl-en">lemma_snoc_length</span> <span class="pl-c1">(</span><span class="pl-en">unsnoc</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lemma_unsnoc_append" class="anchor" href="#lemma_unsnoc_append" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_unsnoc_append</h4>
+<p><code>unsnoc</code> followed by <code>append</code> can be connected to the same vice-versa.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_unsnoc_append</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l2</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">))</span> <span class="pl-c">// the [length l2 = 0] is trivial</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+        <span class="pl-k">let</span> <span class="pl-en">as</span><span class="pl-c1">,</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">unsnoc</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> @ <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">unsnoc</span> <span class="pl-en">l2</span> <span class="pl-k">in</span>
+        <span class="pl-en">as</span> <span class="pl-c1">==</span> <span class="pl-en">l1</span> @ <span class="pl-en">bs</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">::</span> <span class="pl-en">l1'</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_unsnoc_append</span> <span class="pl-en">l1'</span> <span class="pl-en">l2</span></pre></div>
+<h4>
+<a id="user-content-lemma_unsnoc_is_last" class="anchor" href="#lemma_unsnoc_is_last" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_unsnoc_is_last</h4>
+<p><code>unsnoc</code> gives you <code>last</code> element, which is <code>index</code>ed at <code>length l - 1</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_unsnoc_is_last</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-c1">(</span><span class="pl-en">unsnoc</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">last</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">snd</span> <span class="pl-c1">(</span><span class="pl-en">unsnoc</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-c1">_</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_unsnoc_is_last</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lemma_unsnoc_index" class="anchor" href="#lemma_unsnoc_index" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_unsnoc_index</h4>
+<p><code>index</code>ing on the left part of an <code>unsnoc</code>d list is the same as indexing
+the original list.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_unsnoc_index</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l</span> &gt; <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+        <span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">unsnoc</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span>
+        <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">unsnoc</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">i</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_unsnoc_index</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<p>Definition and properties about <a href="#split_using"><code>split_using</code></a></p>
+<h4>
+<a id="user-content-split_using" class="anchor" href="#split_using" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>split_using</h4>
+<p><a href="#split_using"><code>split_using</code></a> splits a list at the first instance of finding an
+element in it.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">split_using</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">memP</span><span class="pl-c1">`</span> <span class="pl-en">l</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">t</span> * <span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-c1">_</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[],</span> <span class="pl-en">l</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-en">as</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-smi">FStar.StrongExcludedMiddle.</span><span class="pl-en">strong_excluded_middle</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-k">then</span> <span class="pl-c1">(</span>
+      <span class="pl-c1">[],</span> <span class="pl-en">l</span>
+    <span class="pl-c1">)</span> <span class="pl-k">else</span> <span class="pl-c1">(</span>
+      <span class="pl-k">let</span> <span class="pl-en">l1'</span><span class="pl-c1">,</span> <span class="pl-en">l2'</span> <span class="pl-c1">=</span> <span class="pl-en">split_using</span> <span class="pl-en">as</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+      <span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-en">l1'</span><span class="pl-c1">,</span> <span class="pl-en">l2'</span>
+    <span class="pl-c1">)</span></pre></div>
+<p>NOTE: Uses <code>strong_excluded_middle</code> axiom.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_split_using</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">memP</span><span class="pl-c1">`</span> <span class="pl-en">l</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+        <span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">split_using</span> <span class="pl-en">l</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+         <span class="pl-en">length</span> <span class="pl-en">l2</span> &gt; <span class="pl-c1">0</span> <span class="pl-c1">/\</span>
+        <span class="pl-c1">~(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">memP</span><span class="pl-c1">`</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+         <span class="pl-en">hd</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span>
+        <span class="pl-en">append</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-c1">_</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-en">as</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">goal</span> <span class="pl-c1">=</span>
+      <span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">split_using</span> <span class="pl-en">l</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+        <span class="pl-en">length</span> <span class="pl-en">l2</span> &gt; <span class="pl-c1">0</span> <span class="pl-c1">/\</span>
+        <span class="pl-c1">~(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">memP</span><span class="pl-c1">`</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+         <span class="pl-en">hd</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span>
+        <span class="pl-en">append</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">l</span>
+    <span class="pl-k">in</span>
+    <span class="pl-smi">FStar.Classical.</span><span class="pl-en">or_elim</span>
+      <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-c1">_</span>
+      <span class="pl-c1">#(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">goal</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">memP</span><span class="pl-c1">`</span> <span class="pl-en">as</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_split_using</span> <span class="pl-en">as</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<p>Definition of <a href="#index_of"><code>index_of</code></a></p>
+<h4>
+<a id="user-content-index_of" class="anchor" href="#index_of" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>index_of</h4>
+<p><code>index_of l x</code> gives the index of the leftmost <code>x</code> in <code>l</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">index_of</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">memP</span><span class="pl-c1">`</span> <span class="pl-en">l</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-c1">_</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">0</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-en">as</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-smi">FStar.StrongExcludedMiddle.</span><span class="pl-en">strong_excluded_middle</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-k">then</span> <span class="pl-c1">(</span>
+      <span class="pl-c1">0</span>
+    <span class="pl-c1">)</span> <span class="pl-k">else</span> <span class="pl-c1">(</span>
+      <span class="pl-c1">1</span> <span class="pl-c1">+</span> <span class="pl-en">index_of</span> <span class="pl-en">as</span> <span class="pl-en">x</span>
+    <span class="pl-c1">)</span></pre></div>
+<p>NOTE: Uses <code>strong_excluded_middle</code> axiom.</p>
+<p>Properties about partition *</p>
+<h4>
+<a id="user-content-partition_mem" class="anchor" href="#partition_mem" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>partition_mem</h4>
+<p>If <code>partition f l = (l1, l2)</code>, then for any <code>x</code>, <code>x</code> is in <code>l</code> if
+and only if <code>x</code> is in either one of <code>l1</code> or <code>l2</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">partition_mem</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span>
+                  <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span>
+                  <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span>
+                  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+                          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">partition</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+                        <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l1</span> <span class="pl-c1">||</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">partition_mem</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">partition_mem</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-partition_mem_forall" class="anchor" href="#partition_mem_forall" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>partition_mem_forall</h4>
+<p>Same as <a href="#partition_mem"><code>partition_mem</code></a>, but using <code>forall</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">partition_mem_forall</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span>
+                  <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span>
+                  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+                          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">partition</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+                                    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l1</span> <span class="pl-c1">||</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l2</span><span class="pl-c1">))))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">partition_mem_forall</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">partition_mem_forall</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-partition_mem_p_forall" class="anchor" href="#partition_mem_p_forall" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>partition_mem_p_forall</h4>
+<p>If <code>partition f l = (l1, l2)</code>, then for any <code>x</code>, if <code>x</code> is in <code>l1</code>
+(resp. <code>l2</code>), then <code>f x</code> holds (resp. does not hold)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">partition_mem_p_forall</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span>
+                  <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span>
+                  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+                          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">partition</span> <span class="pl-en">p</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+                                    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l2</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">partition_mem_p_forall</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">partition_mem_p_forall</span> <span class="pl-en">p</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-partition_count" class="anchor" href="#partition_count" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>partition_count</h4>
+<p>If <code>partition f l = (l1, l2)</code>, then the number of occurrences of
+any <code>x</code> in <code>l</code> is the same as the sum of the number of occurrences in
+<code>l1</code> and <code>l2</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">partition_count</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span>
+                  <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span>
+                  <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span>
+                  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+                           <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">partition</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">+</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-c1">(</span><span class="pl-en">partition</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)))))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">partition_count</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">partition_count</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-partition_count_forall" class="anchor" href="#partition_count_forall" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>partition_count_forall</h4>
+<p>Same as <a href="#partition_count"><code>partition_count</code></a>, but using <code>forall</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">partition_count_forall</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span>
+                  <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span>
+                  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+                           <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">partition</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">+</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-c1">(</span><span class="pl-en">partition</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)))))</span></pre></div>
+<p><code>SMTPat (partitionT f l)</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">partition_count_forall</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">partition_count_forall</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<p>Correctness of quicksort *</p>
+<h4>
+<a id="user-content-sortwith_permutation" class="anchor" href="#sortwith_permutation" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sortWith_permutation</h4>
+<p>Correctness of <code>sortWith</code>, part 1/2: the number of occurrences of
+any <code>x</code> in <code>sortWith f l</code> is the same as the number of occurrences in
+<code>l</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sortWith_permutation</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">sortWith_permutation</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">pivot</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-k">let</span> <span class="pl-en">hi</span><span class="pl-c1">,</span> <span class="pl-en">lo</span>  <span class="pl-c1">=</span> <span class="pl-en">partition</span> <span class="pl-c1">(</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span> <span class="pl-en">pivot</span><span class="pl-c1">)</span> <span class="pl-en">tl</span> <span class="pl-k">in</span>
+       <span class="pl-en">partition_length</span> <span class="pl-c1">(</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span> <span class="pl-en">pivot</span><span class="pl-c1">)</span> <span class="pl-en">tl</span><span class="pl-c1">;</span>
+       <span class="pl-en">partition_count_forall</span> <span class="pl-c1">(</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span> <span class="pl-en">pivot</span><span class="pl-c1">)</span> <span class="pl-en">tl</span><span class="pl-c1">;</span>
+       <span class="pl-en">sortWith_permutation</span> <span class="pl-en">f</span> <span class="pl-en">lo</span><span class="pl-c1">;</span>
+       <span class="pl-en">sortWith_permutation</span> <span class="pl-en">f</span> <span class="pl-en">hi</span><span class="pl-c1">;</span>
+       <span class="pl-en">append_count_forall</span> <span class="pl-c1">(</span><span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">lo</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pivot</span><span class="pl-c1">::</span><span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">hi</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-sorted" class="anchor" href="#sorted" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sorted</h4>
+<p><code>sorted f l</code> holds if, and only if, any two consecutive elements
+<code>x</code>, <code>y</code> of <code>l</code> are such that <code>f x y</code> holds</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sorted</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-c1">_</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">y</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">::</span><span class="pl-en">tl</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-total_order" class="anchor" href="#total_order" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>total_order</h4>
+<p><code>f</code> is a total order if, and only if, it is reflexive,
+anti-symmetric, transitive and total.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">total_order</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool))</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a</span><span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">a</span> <span class="pl-en">a</span><span class="pl-c1">)</span>                                           <span class="pl-c"><span class="pl-c">(*</span> reflexivity   <span class="pl-c">*)</span></span>
+    <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span><span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span> <span class="pl-c1">/\</span> <span class="pl-en">f</span> <span class="pl-en">a2</span> <span class="pl-en">a1</span>  <span class="pl-c1">==&gt;</span> <span class="pl-en">a1</span> <span class="pl-c1">==</span> <span class="pl-en">a2</span><span class="pl-c1">)</span>          <span class="pl-c"><span class="pl-c">(*</span> anti-symmetry <span class="pl-c">*)</span></span>
+    <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span> <span class="pl-en">a3</span><span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span> <span class="pl-c1">/\</span> <span class="pl-en">f</span> <span class="pl-en">a2</span> <span class="pl-en">a3</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">a1</span> <span class="pl-en">a3</span><span class="pl-c1">)</span>        <span class="pl-c"><span class="pl-c">(*</span> transitivity  <span class="pl-c">*)</span></span>
+    <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span><span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span> <span class="pl-c1">\/</span> <span class="pl-en">f</span> <span class="pl-en">a2</span> <span class="pl-en">a1</span><span class="pl-c1">)</span>                       <span class="pl-c"><span class="pl-c">(*</span> totality <span class="pl-c">*)</span></span></pre></div>
+<h4>
+<a id="user-content-append_sorted" class="anchor" href="#append_sorted" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>append_sorted</h4>
 <p>Correctness of the merging of two sorted lists around a pivot.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> sortWith_sorted:Unidentified product: [#a:eqtype] Unidentified product: [f:(Unidentified product: [a] Unidentified product: [a] (Tot <span class="dt">int</span>))] Unidentified product: [l:list a] (Lemma ((requires (total_order #a (bool_of_compare f)))) ((ensures (/\((sorted (bool_of_compare f) (sortWith f l)), (forall x.{:pattern } =(mem x l, mem x (sortWith f l))))))) (decreases (length l)))</code></pre></div>
-<p>Correctness of [sortWith], part 2/2: the elements of [sortWith f l] are sorted according to comparison function [f], and the elements of [sortWith f l] are the elements of [l].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((mem_memP (#a:eqtype) (x:a) (l:list a)):(Lemma ((ensures (&lt;==&gt;(mem x l, memP x l)))))):<span class="kw">match</span> l <span class="kw">with</span> []  -&gt; () | (Prims<span class="kw">.</span>Cons a q)  -&gt; mem_memP x q</code></pre></div>
-<p>Correctness of [mem] for types with decidable equality. TODO: replace [mem] with [memP] in relevant lemmas and define the right SMTPat to automatically recover lemmas about [mem] for types with decidable equality</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((lemma_index_memP (#t:Type) (l:list t) (i:i:nat:{&lt;(i, length l)})):(Lemma ((ensures (memP index l i l))) (Prims<span class="kw">.</span>Cons (SMTPat (memP index l i l)) (Prims<span class="kw">.</span>Nil )))):<span class="kw">match</span> i <span class="kw">with</span> <span class="dv">0</span>  -&gt; () | _  -&gt; lemma_index_memP (tl l) (-(i, <span class="dv">1</span>))</code></pre></div>
-<p>If an element can be [index]ed, then it is a [memP] of the list.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> memP_empty:Unidentified product: [#a:Type] Unidentified product: [x:a] (Lemma ((requires (memP x (Prims<span class="kw">.</span>Nil )))) ((ensures False)))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_sorted</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span>
+               <span class="pl-c1">-&gt;</span>  <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span>
+               <span class="pl-c1">-&gt;</span>  <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-en">l1</span><span class="pl-c1">}</span>
+               <span class="pl-c1">-&gt;</span>  <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-en">l2</span><span class="pl-c1">}</span>
+               <span class="pl-c1">-&gt;</span>  <span class="pl-en">pivot</span><span class="pl-c1">:</span><span class="pl-en">a</span>
+               <span class="pl-c1">-&gt;</span>  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">total_order</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span>
+                                    <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-en">l1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">not</span><span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">pivot</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+                                    <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-en">l2</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">pivot</span> <span class="pl-en">y</span><span class="pl-c1">)))</span>
+                        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">l1</span>@<span class="pl-c1">(</span><span class="pl-en">pivot</span><span class="pl-c1">::</span><span class="pl-en">l2</span><span class="pl-c1">))))</span>
+                        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">l1</span>@<span class="pl-c1">(</span><span class="pl-en">pivot</span><span class="pl-c1">::</span><span class="pl-en">l2</span><span class="pl-c1">)))]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_sorted</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-en">pivot</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_sorted</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-en">l2</span> <span class="pl-en">pivot</span></pre></div>
+<h4>
+<a id="user-content-sortwith_sorted" class="anchor" href="#sortwith_sorted" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sortWith_sorted</h4>
+<p>Correctness of <code>sortWith</code>, part 2/2: the elements of <code>sortWith f l</code> are sorted according to comparison function <code>f</code>, and the elements
+of <code>sortWith f l</code> are the elements of <code>l</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sortWith_sorted</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">total_order</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">sorted</span> <span class="pl-c1">(</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">))))</span>
+        <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">sortWith_sorted</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">pivot</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-k">let</span> <span class="pl-en">hi</span><span class="pl-c1">,</span> <span class="pl-en">lo</span>  <span class="pl-c1">=</span> <span class="pl-en">partition</span> <span class="pl-c1">(</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span> <span class="pl-en">pivot</span><span class="pl-c1">)</span> <span class="pl-en">tl</span> <span class="pl-k">in</span>
+       <span class="pl-en">partition_length</span> <span class="pl-c1">(</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span> <span class="pl-en">pivot</span><span class="pl-c1">)</span> <span class="pl-en">tl</span><span class="pl-c1">;</span>
+       <span class="pl-en">partition_mem_forall</span> <span class="pl-c1">(</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span> <span class="pl-en">pivot</span><span class="pl-c1">)</span> <span class="pl-en">tl</span><span class="pl-c1">;</span>
+       <span class="pl-en">partition_mem_p_forall</span> <span class="pl-c1">(</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span> <span class="pl-en">pivot</span><span class="pl-c1">)</span> <span class="pl-en">tl</span><span class="pl-c1">;</span>
+       <span class="pl-en">sortWith_sorted</span> <span class="pl-en">f</span> <span class="pl-en">lo</span><span class="pl-c1">;</span>
+       <span class="pl-en">sortWith_sorted</span> <span class="pl-en">f</span> <span class="pl-en">hi</span><span class="pl-c1">;</span>
+       <span class="pl-en">append_mem_forall</span> <span class="pl-c1">(</span><span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">lo</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pivot</span><span class="pl-c1">::</span><span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">hi</span><span class="pl-c1">);</span>
+       <span class="pl-en">append_sorted</span> <span class="pl-c1">(</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">lo</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">hi</span><span class="pl-c1">)</span> <span class="pl-en">pivot</span></pre></div>
+<h4>
+<a id="user-content-mem_memp" class="anchor" href="#mem_memp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mem_memP</h4>
+<p>Correctness of <code>mem</code> for types with decidable equality. TODO:
+replace <code>mem</code> with <code>memP</code> in relevant lemmas and define the right
+SMTPat to automatically recover lemmas about <code>mem</code> for types with
+decidable equality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mem_memP</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span><span class="pl-c1">)]</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mem_memP</span> <span class="pl-en">x</span> <span class="pl-en">q</span></pre></div>
+<h4>
+<a id="user-content-lemma_index_memp" class="anchor" href="#lemma_index_memp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_index_memP</h4>
+<p>If an element can be <code>index</code>ed, then it is a <code>memP</code> of the list.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lemma_index_memP</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span> <span class="pl-c1">`</span><span class="pl-en">memP</span><span class="pl-c1">`</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span> <span class="pl-c1">`</span><span class="pl-en">memP</span><span class="pl-c1">`</span> <span class="pl-en">l</span><span class="pl-c1">)]</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">i</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma_index_memP</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-memp_empty" class="anchor" href="#memp_empty" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>memP_empty</h4>
 <p>The empty list has no elements.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> memP_existsb:Unidentified product: [#a:Type] Unidentified product: [f:(Unidentified product: [a] (Tot <span class="dt">bool</span>))] Unidentified product: [xs:list a] (Lemma ((ensures (&lt;==&gt;(existsb f xs, (exists x:a.{:pattern } (/\(=(f x, <span class="kw">true</span>), memP x xs))))))))</code></pre></div>
-<p>Full specification for [existsb]: [existsb f xs] holds if, and only if, there exists an element [x] of [xs] such that [f x] holds.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((noRepeats_nil (#a:eqtype)):(Lemma ((ensures (noRepeats #a (Prims<span class="kw">.</span>Nil )))))):()</code></pre></div>
-<p>Properties of [noRepeats]</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties <span class="kw">of</span> [assoc] </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties <span class="kw">of</span> [fold_left] </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties <span class="kw">of</span> [strict_prefix_of] </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties <span class="kw">of</span> <span class="st">&lt;&lt; with lists </span></code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties about find </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Properties <span class="kw">of</span> init <span class="kw">and</span> last </code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">memP_empty</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-c1">[]))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">False</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">memP_empty</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-memp_existsb" class="anchor" href="#memp_existsb" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>memP_existsb</h4>
+<p>Full specification for <code>existsb</code>: <code>existsb f xs</code> holds if, and
+only if, there exists an element <code>x</code> of <code>xs</code> such that <code>f x</code> holds.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">memP_existsb</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span><span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">existsb</span> <span class="pl-en">f</span> <span class="pl-en">xs</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span> <span class="pl-c1">/\</span> <span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">xs</span><span class="pl-c1">))))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">memP_existsb</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">xs</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">xs</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">memP_existsb</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">memP_map_intro</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">memP</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">memP_map_intro</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">q</span> <span class="pl-c"><span class="pl-c">(*</span> NOTE: would fail if [requires memP x l] instead of [ ==&gt; ] <span class="pl-c">*)</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">memP_map_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">memP</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">.</span> <span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">memP_map_elim</span> <span class="pl-en">f</span> <span class="pl-en">y</span> <span class="pl-en">q</span></pre></div>
+<h4>
+<a id="user-content-norepeats_nil" class="anchor" href="#norepeats_nil" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>noRepeats_nil</h4>
+<p>Properties of <code>noRepeats</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">noRepeats_nil</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">noRepeats</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">[]))</span>
+<span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">noRepeats_cons</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">tl</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((~</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">h</span> <span class="pl-en">tl</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span> <span class="pl-en">noRepeats</span> <span class="pl-en">tl</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">noRepeats</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">tl</span><span class="pl-c1">)))</span>
+<span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">noRepeats_append_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">noRepeats</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> @ <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">noRepeats</span> <span class="pl-en">l1</span> <span class="pl-c1">/\</span> <span class="pl-en">noRepeats</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l1</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">~</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l2</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">q1</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">append_mem</span> <span class="pl-en">q1</span> <span class="pl-en">l2</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-en">noRepeats_append_elim</span> <span class="pl-en">q1</span> <span class="pl-en">l2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">noRepeats_append_intro</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">noRepeats</span> <span class="pl-en">l1</span> <span class="pl-c1">/\</span> <span class="pl-en">noRepeats</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l1</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">~</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l2</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">noRepeats</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> @ <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">q1</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">append_mem</span> <span class="pl-en">q1</span> <span class="pl-en">l2</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-en">noRepeats_append_intro</span> <span class="pl-en">q1</span> <span class="pl-en">l2</span></pre></div>
+<p>Properties of <code>assoc</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">assoc_nil</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">assoc</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">[]</span> <span class="pl-c1">==</span> <span class="pl-c1">None</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">assoc_cons_eq</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-c1">((</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">::</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">Some</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">assoc_cons_not_eq</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">x'</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&gt; <span class="pl-en">x'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">assoc</span> <span class="pl-en">x'</span> <span class="pl-c1">((</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">::</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">assoc</span> <span class="pl-en">x'</span> <span class="pl-en">q</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">assoc_append_elim_r</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-c1">None</span> <span class="pl-c1">\/</span> <span class="pl-c1">~</span> <span class="pl-c1">(</span><span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-c1">None</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> @ <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">x'</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">x'</span> <span class="pl-k">then</span> <span class="pl-c1">()</span> <span class="pl-k">else</span> <span class="pl-en">assoc_append_elim_r</span> <span class="pl-en">x</span> <span class="pl-en">q</span> <span class="pl-en">l2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">assoc_append_elim_l</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-c1">None</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> @ <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">x'</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">x'</span> <span class="pl-k">then</span> <span class="pl-k">assert</span> <span class="pl-c1">False</span> <span class="pl-k">else</span> <span class="pl-en">assoc_append_elim_l</span> <span class="pl-en">x</span> <span class="pl-en">q</span> <span class="pl-en">l2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">assoc_memP_some</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-c1">Some</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">memP</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">x'</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">x'</span> <span class="pl-k">then</span> <span class="pl-c1">()</span> <span class="pl-k">else</span> <span class="pl-en">assoc_memP_some</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">assoc_memP_none</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-c1">None</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">y</span> <span class="pl-c1">.</span> <span class="pl-c1">~</span> <span class="pl-c1">(</span><span class="pl-en">memP</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">x'</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">x'</span> <span class="pl-k">then</span> <span class="pl-k">assert</span> <span class="pl-c1">False</span> <span class="pl-k">else</span> <span class="pl-en">assoc_memP_none</span> <span class="pl-en">x</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">assoc_mem</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">fst</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">y</span> <span class="pl-c1">.</span> <span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-c1">Some</span> <span class="pl-en">y</span><span class="pl-c1">)))</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">assoc_memP_none</span> <span class="pl-en">x</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+    <span class="pl-en">mem_memP</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">fst</span> <span class="pl-en">l</span><span class="pl-c1">);</span>
+    <span class="pl-en">memP_map_elim</span> <span class="pl-en">fst</span> <span class="pl-en">x</span> <span class="pl-en">l</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">assoc_memP_some</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+    <span class="pl-en">memP_map_intro</span> <span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+    <span class="pl-en">mem_memP</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">fst</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<p>Properties of <code>fold_left</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold_left_invar</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">memP</span> <span class="pl-en">y</span> <span class="pl-en">l</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">fold_left</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">y</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fold_left_invar</span> <span class="pl-en">f</span> <span class="pl-en">q</span> <span class="pl-en">p</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold_left_map</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f_aba</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f_bc</span><span class="pl-c1">:</span>  <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f_aca</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">.</span> <span class="pl-en">f_aba</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">f_aca</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">f_bc</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">.</span> <span class="pl-en">fold_left</span> <span class="pl-en">f_aba</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-en">fold_left</span> <span class="pl-en">f_aca</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f_bc</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">)</span>
+  <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">y</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fold_left_map</span> <span class="pl-en">f_aba</span> <span class="pl-en">f_bc</span> <span class="pl-en">f_aca</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map_append</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> @ <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">l1</span> @ <span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">map_append</span> <span class="pl-en">f</span> <span class="pl-en">q</span> <span class="pl-en">l2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold_left_append</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span> <span class="pl-en">fold_left</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> @ <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">fold_left</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">fold_left</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fold_left_append</span> <span class="pl-en">f</span> <span class="pl-en">q</span> <span class="pl-en">l2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold_left_monoid</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">opA</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">zeroA</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">u</span> <span class="pl-en">v</span> <span class="pl-en">w</span> <span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">u</span> <span class="pl-c1">`</span><span class="pl-en">opA</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">`</span><span class="pl-en">opA</span><span class="pl-c1">`</span> <span class="pl-en">w</span><span class="pl-c1">))</span> <span class="pl-c1">==</span> <span class="pl-c1">((</span><span class="pl-en">u</span> <span class="pl-c1">`</span><span class="pl-en">opA</span><span class="pl-c1">`</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">opA</span><span class="pl-c1">`</span> <span class="pl-en">w</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">opA</span><span class="pl-c1">`</span> <span class="pl-en">zeroA</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">zeroA</span> <span class="pl-c1">`</span><span class="pl-en">opA</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>
+    <span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span>
+    <span class="pl-c1">(</span><span class="pl-en">fold_left</span> <span class="pl-en">opA</span> <span class="pl-en">x</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">opA</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">fold_left</span> <span class="pl-en">opA</span> <span class="pl-en">zeroA</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fold_left_monoid</span> <span class="pl-en">opA</span> <span class="pl-en">zeroA</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fold_left_append_monoid</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">u</span> <span class="pl-en">v</span> <span class="pl-en">w</span> <span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">u</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">v</span> <span class="pl-en">w</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">u</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">w</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">z</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>
+    <span class="pl-en">fold_left</span> <span class="pl-en">f</span> <span class="pl-en">z</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> @ <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">fold_left</span> <span class="pl-en">f</span> <span class="pl-en">z</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">fold_left</span> <span class="pl-en">f</span> <span class="pl-en">z</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-en">fold_left_append</span> <span class="pl-en">f</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">;</span>
+  <span class="pl-en">fold_left_monoid</span> <span class="pl-en">f</span> <span class="pl-en">z</span> <span class="pl-en">l2</span></pre></div>
+<p>Properties of <code>index</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">index_extensionality_aux</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l_len</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">l_len</span><span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">{</span> <span class="pl-en">length</span> <span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">l2</span> <span class="pl-c1">}</span> <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">l_index</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l1</span><span class="pl-c1">}))</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">l_index</span><span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">{</span><span class="pl-en">index</span> <span class="pl-en">l1</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">l2</span> <span class="pl-en">i</span><span class="pl-c1">}))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">a1</span><span class="pl-c1">::</span><span class="pl-en">q1</span><span class="pl-c1">,</span> <span class="pl-en">a2</span><span class="pl-c1">::</span><span class="pl-en">q2</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">a_eq</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a_eq</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">{</span><span class="pl-en">a1</span> <span class="pl-c1">==</span> <span class="pl-en">a2</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">l_index</span> <span class="pl-c1">0</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">q_len</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">q_len</span><span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">q1</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">q2</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">q_index</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">q1</span><span class="pl-c1">}))</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">q_index</span><span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">{</span><span class="pl-en">index</span> <span class="pl-en">q1</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">q2</span> <span class="pl-en">i</span><span class="pl-c1">})</span> <span class="pl-c1">=</span>
+      <span class="pl-en">l_index</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">q_eq</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">q_eq</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">{</span><span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">l2</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">index_extensionality_aux</span> <span class="pl-en">q1</span> <span class="pl-en">q2</span> <span class="pl-en">q_len</span> <span class="pl-en">q_index</span> <span class="pl-k">in</span>
+    <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">index_extensionality</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span>
+    <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">.</span> <span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">l1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">index</span> <span class="pl-en">l1</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">l2</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-en">index_extensionality_aux</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">()</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span></pre></div>
+<p>Properties of <code>strict_suffix_of</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">strict_suffix_of_nil</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">strict_suffix_of</span> <span class="pl-c1">[]</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">l</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a'</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">strict_suffix_of_nil</span> <span class="pl-en">a'</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">strict_suffix_of_or_eq_nil</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">strict_suffix_of</span> <span class="pl-c1">[]</span> <span class="pl-en">l</span> <span class="pl-c1">\/</span> <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-c1">[]))</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">strict_suffix_of_nil</span> <span class="pl-en">a</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">strict_suffix_of_cons</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">strict_suffix_of</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">l</span><span class="pl-c1">)))</span>
+<span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">strict_suffix_of_trans</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-en">l3</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">strict_suffix_of</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-en">strict_suffix_of</span> <span class="pl-en">l2</span> <span class="pl-en">l3</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">strict_suffix_of</span> <span class="pl-en">l1</span> <span class="pl-en">l3</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l3</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">strict_suffix_of</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">strict_suffix_of</span> <span class="pl-en">l2</span> <span class="pl-en">l3</span><span class="pl-c1">)]</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l3</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">strict_suffix_of_trans</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">strict_suffix_of_correct</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">strict_suffix_of</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">l1</span> &lt;&lt; <span class="pl-en">l2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">strict_suffix_of_correct</span> <span class="pl-en">l1</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map_strict_suffix_of</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+ <span class="pl-c1">Lemma</span>
+ <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+ <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">strict_suffix_of</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">strict_suffix_of</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+ <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">map_strict_suffix_of</span> <span class="pl-en">f</span> <span class="pl-en">l1</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mem_strict_suffix_of</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">mem</span> <span class="pl-en">m</span> <span class="pl-en">l1</span> <span class="pl-c1">/\</span> <span class="pl-en">strict_suffix_of</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">m</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">mem_strict_suffix_of</span> <span class="pl-en">l1</span> <span class="pl-en">m</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">strict_suffix_of_exists_append</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">strict_suffix_of</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">l3</span> <span class="pl-c1">.</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">l3</span> <span class="pl-en">l1</span><span class="pl-c1">)))</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-smi">FStar.Classical.</span><span class="pl-en">or_elim</span>
+      <span class="pl-c1">#(</span><span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+      <span class="pl-c1">#(</span><span class="pl-en">strict_suffix_of</span> <span class="pl-en">l1</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+      <span class="pl-c1">#(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">exists</span> <span class="pl-en">l3</span> <span class="pl-c1">.</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">l3</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-smi">FStar.Classical.</span><span class="pl-en">exists_intro</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">l3</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">l3</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-c1">[]))</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-smi">FStar.Classical.</span><span class="pl-en">exists_elim</span>
+      <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">l3</span> <span class="pl-c1">.</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">l3</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+      <span class="pl-c1">#</span><span class="pl-c1">_</span>
+      <span class="pl-c1">#(</span><span class="pl-k">fun</span> <span class="pl-en">l3</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">q</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">l3</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">strict_suffix_of_exists_append</span> <span class="pl-en">l1</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">l3</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-smi">FStar.Classical.</span><span class="pl-en">exists_intro</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">l3</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">l3</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-en">l3</span><span class="pl-c1">)</span>
+         <span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">strict_suffix_of_or_eq_exists_append</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">strict_suffix_of</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">\/</span> <span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">l3</span> <span class="pl-c1">.</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">l3</span> <span class="pl-en">l1</span><span class="pl-c1">)))</span>
+<span class="pl-c1">=</span> <span class="pl-smi">FStar.Classical.</span><span class="pl-en">or_elim</span>
+    <span class="pl-c1">#(</span><span class="pl-en">strict_suffix_of</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+    <span class="pl-c1">#(</span><span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+    <span class="pl-c1">#(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">exists</span> <span class="pl-en">l3</span> <span class="pl-c1">.</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">l3</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">strict_suffix_of_exists_append</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-smi">FStar.Classical.</span><span class="pl-en">exists_intro</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">l3</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">l3</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+      <span class="pl-c1">[]</span> <span class="pl-c1">)</span></pre></div>
+<p>Properties of &lt;&lt; with lists</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">precedes_tl</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-c1">Cons</span><span class="pl-c1">?</span> <span class="pl-en">l</span><span class="pl-c1">})</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">tl</span> <span class="pl-en">l</span> &lt;&lt; <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">precedes_append_cons_r</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&lt; <span class="pl-en">append</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&lt; <span class="pl-en">append</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">l2</span><span class="pl-c1">))]</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">precedes_append_cons_r</span> <span class="pl-en">q</span> <span class="pl-en">x</span> <span class="pl-en">l2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">precedes_append_cons_prod_r</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>
+    <span class="pl-en">x</span> &lt;&lt; <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">l1</span> <span class="pl-c1">((</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">::</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">y</span> &lt;&lt; <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">l1</span> <span class="pl-c1">((</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">::</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+<span class="pl-c1">=</span> <span class="pl-en">precedes_append_cons_r</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">l2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">memP_precedes</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">x</span> &lt;&lt; <span class="pl-en">l</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">y</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-smi">FStar.Classical.</span><span class="pl-en">or_elim</span>
+      <span class="pl-c1">#(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-c1">#(</span><span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+      <span class="pl-c1">#(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> &lt;&lt; <span class="pl-en">l</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">memP_precedes</span> <span class="pl-en">x</span> <span class="pl-en">q</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">assoc_precedes</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">assoc</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-c1">Some</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">x</span> &lt;&lt; <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">y</span> &lt;&lt; <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-en">assoc_memP_some</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-en">memP_precedes</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">l</span></pre></div>
+<p>Properties about find</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">find_none</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool))</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">find</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-c1">None</span> <span class="pl-c1">/\</span> <span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-c1">false</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">x'</span> <span class="pl-c1">::</span> <span class="pl-en">l'</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+  <span class="pl-smi">Classical.</span><span class="pl-en">or_elim</span>
+    <span class="pl-c1">#(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">x'</span><span class="pl-c1">)</span>
+    <span class="pl-c1">#(~</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">x'</span><span class="pl-c1">))</span>
+    <span class="pl-c1">#(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-c1">false</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span>
+    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">find_none</span> <span class="pl-en">f</span> <span class="pl-en">l'</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<p>Properties of init and last</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_init_last</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">{</span> <span class="pl-c1">Cons</span><span class="pl-c1">?</span> <span class="pl-en">l</span> <span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">init</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-en">last</span> <span class="pl-en">l</span><span class="pl-c1">])</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-c1">Cons</span><span class="pl-c1">?</span> <span class="pl-en">q</span>
+    <span class="pl-k">then</span>
+      <span class="pl-en">append_init_last</span> <span class="pl-en">q</span>
+    <span class="pl-k">else</span>
+      <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">init_last_def</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">l'</span> <span class="pl-c1">=</span> <span class="pl-en">append</span> <span class="pl-en">l</span> <span class="pl-c1">[</span><span class="pl-en">x</span><span class="pl-c1">]</span> <span class="pl-k">in</span>
+  <span class="pl-en">init</span> <span class="pl-en">l'</span> <span class="pl-c1">==</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">last</span> <span class="pl-en">l'</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">y</span> <span class="pl-c1">::</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">init_last_def</span> <span class="pl-en">q</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">init_last_inj</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">{</span> <span class="pl-c1">Cons</span><span class="pl-c1">?</span> <span class="pl-en">l1</span> <span class="pl-c1">}</span> <span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">{</span> <span class="pl-c1">Cons</span><span class="pl-c1">?</span> <span class="pl-en">l2</span> <span class="pl-c1">}</span> <span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">init</span> <span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">init</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-en">last</span> <span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">last</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-en">append_init_last</span> <span class="pl-en">l1</span><span class="pl-c1">;</span>
+  <span class="pl-en">append_init_last</span> <span class="pl-en">l2</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.List.Tot.html b/docs/FStar.List.Tot.html
index c3d6373..7bdec58 100644
--- a/docs/FStar.List.Tot.html
+++ b/docs/FStar.List.Tot.html
@@ -1,16 +1,19 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.List.Tot</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.list.tot">module FStar.List.Tot</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarlisttot" class="anchor" href="#fstarlisttot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.List.Tot</h1>
+<ul>
+<li>Includes module <a href="FStar.List.Tot.Base.html">FStar.List.Tot.Base</a>
+</li>
+<li>Includes module <a href="FStar.List.Tot.Properties.html">FStar.List.Tot.Properties</a>
+</li>
+</ul>
+
 </body>
 </html>
diff --git a/docs/FStar.List.html b/docs/FStar.List.html
index 20c8498..5bd1a77 100644
--- a/docs/FStar.List.html
+++ b/docs/FStar.List.html
@@ -1,127 +1,379 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.List</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.list">module FStar.List</h1>
-<p>F* stdlib List module.</p>
-<p>F* standard library List module.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Base operations *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> hd:Unidentified product: [list &#39;a] (ML &#39;a)</code></pre></div>
-<p>[hd l] returns the first element of [l]. Raises an exception if [l] is empty (thus, [hd] hides [List.Tot.hd] which requires [l] to be nonempty at type-checking time.) Named as in: OCaml, F#, Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> tail:Unidentified product: [list &#39;a] (ML (list &#39;a))</code></pre></div>
-<p>[tail l] returns [l] without its first element. Raises an exception if [l] is empty (thus, [tail] hides [List.Tot.tail] which requires [l] to be nonempty at type-checking time). Similar to: tl in OCaml, F#, Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> tl:Unidentified product: [list &#39;a] (ML (list &#39;a))</code></pre></div>
-<p>[tl l] returns [l] without its first element. Raises an exception if [l] is empty (thus, [tl] hides [List.Tot.tl] which requires [l] to be nonempty at type-checking time). Named as in: tl in OCaml, F#, Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> last:Unidentified product: [list &#39;a] (ML &#39;a)</code></pre></div>
-<p>[last l] returns the last element of [l]. Requires, at type-checking time, that [l] be nonempty. Named as in: Haskell</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> init:Unidentified product: [list &#39;a] (ML (list &#39;a))</code></pre></div>
-<p>[init l] returns [l] without its last element. Requires, at type-checking time, that [l] be nonempty. Named as in: Haskell</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> [nth l n] returns the [n]-th element <span class="kw">in</span> list [l] (<span class="kw">with</span> the first
-element being the <span class="dv">0</span>-th) <span class="kw">if</span> [l] is long enough, <span class="kw">or</span> raises an <span class="kw">exception</span>
-otherwise (thus, [nth] hides [List<span class="kw">.</span>Tot<span class="kw">.</span>nth] which has [<span class="dt">option</span>] <span class="kw">type</span>.)
-Named <span class="kw">as</span> <span class="kw">in</span>: OCaml, F#, Coq </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Iterators *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> iter:Unidentified product: [(Unidentified product: [&#39;a] (ML <span class="dt">unit</span>))] Unidentified product: [list &#39;a] (ML <span class="dt">unit</span>)</code></pre></div>
-<p>[iter f l] performs [f x] for each element [x] of [l], in the order in which they appear in [l]. Named as in: OCaml, F# .</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> iteri_aux:Unidentified product: [<span class="dt">int</span>] Unidentified product: [(Unidentified product: [<span class="dt">int</span>] Unidentified product: [&#39;a] (ML <span class="dt">unit</span>))] Unidentified product: [list &#39;a] (ML <span class="dt">unit</span>)</code></pre></div>
-<p>[iteri_aux n f l] performs, for each i, [f (i+n) x] for the i-th element [x] of [l], in the order in which they appear in [l].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> iteri:Unidentified product: [(Unidentified product: [<span class="dt">int</span>] Unidentified product: [&#39;a] (ML <span class="dt">unit</span>))] Unidentified product: [list &#39;a] (ML <span class="dt">unit</span>)</code></pre></div>
-<p>[iteri_aux f l] performs, for each [i], [f i x] for the i-th element [x] of [l], in the order in which they appear in [l]. Named as in: OCaml</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> map:Unidentified product: [(Unidentified product: [&#39;a] (ML &#39;b))] Unidentified product: [list &#39;a] (ML (list &#39;b))</code></pre></div>
-<p>[map f l] applies [f] to each element of [l] and returns the list of results, in the order of the original elements in [l]. (Hides [List.Tot.map] which requires, at type-checking time, [f] to be a pure total function.) Named as in: OCaml, Coq, F#</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> mapT:Unidentified product: [(Unidentified product: [&#39;a] (Tot &#39;b))] Unidentified product: [list &#39;a] (Tot (list &#39;b))</code></pre></div>
-<p>[mapT f l] applies [f] to each element of [l] and returns the list of results, in the order of the original elements in [l]. Requires, at type-checking time, [f] to be a pure total function.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> mapi_init:Unidentified product: [(Unidentified product: [<span class="dt">int</span>] Unidentified product: [&#39;a] (ML &#39;b))] Unidentified product: [list &#39;a] Unidentified product: [<span class="dt">int</span>] (ML (list &#39;b))</code></pre></div>
-<p>[mapi_init f n l] applies, for each [k], [f (n+k)] to the [k]-th element of [l] and returns the list of results, in the order of the original elements in [l]. (Hides [List.Tot.mapi_init] which requires, at type-checking time, [f] to be a pure total function.)</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> mapi:Unidentified product: [(Unidentified product: [<span class="dt">int</span>] Unidentified product: [&#39;a] (ML &#39;b))] Unidentified product: [list &#39;a] (ML (list &#39;b))</code></pre></div>
-<p>[mapi f l] applies, for each [k], [f k] to the [k]-th element of [l] and returns the list of results, in the order of the original elements in [l]. (Hides [List.Tot.mapi] which requires, at type-checking time, [f] to be a pure total function.) Named as in: OCaml</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> [concatMap f l] applies [f] <span class="kw">to</span> each element <span class="kw">of</span> [l] <span class="kw">and</span> returns the
-concatenation <span class="kw">of</span> the results, <span class="kw">in</span> the order <span class="kw">of</span> the original elements <span class="kw">of</span>
-[l]. This is equivalent <span class="kw">to</span> [flatten (map f l)]. (Hides
-[List<span class="kw">.</span>Tot<span class="kw">.</span>concatMap], which requires, at <span class="kw">type</span>-checking time, [f] <span class="kw">to</span> be
-a pure total <span class="kw">function</span>.) </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> map2:Unidentified product: [(Unidentified product: [&#39;a] Unidentified product: [&#39;b] (ML &#39;c))] Unidentified product: [list &#39;a] Unidentified product: [list &#39;b] (ML (list &#39;c))</code></pre></div>
-<p>[map2 f l1 l2] computes [f x1 x2] for each element x1 of [l1] and the element [x2] of [l2] at the same position, and returns the list of such results, in the order of the original elements in [l1]. Raises an exception if [l1] and [l2] have different lengths. Named as in: OCaml</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> map3:Unidentified product: [(Unidentified product: [&#39;a] Unidentified product: [&#39;b] Unidentified product: [&#39;c] (ML &#39;d))] Unidentified product: [list &#39;a] Unidentified product: [list &#39;b] Unidentified product: [list &#39;c] (ML (list &#39;d))</code></pre></div>
-<p>[map3 f l1 l2 l3] computes [f x1 x2 x3] for each element x1 of [l1] and the element [x2] of [l2] and the element [x3] of [l3] at the same position, and returns the list of such results, in the order of the original elements in [l1]. Raises an exception if [l1], [l2] and [l3] have different lengths. Named as in: OCaml</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> fold_left:Unidentified product: [(Unidentified product: [&#39;a] Unidentified product: [&#39;b] (ML &#39;a))] Unidentified product: [&#39;a] Unidentified product: [list &#39;b] (ML &#39;a)</code></pre></div>
-<p>[fold_left f x [y1; y2; ...; yn]] computes (f (... (f x y1) y2) ... yn). (Hides [List.Tot.fold_left], which requires, at type-checking time, [f] to be a pure total function.) Named as in: OCaml, Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> fold_left2:Unidentified product: [(Unidentified product: [&#39;s] Unidentified product: [&#39;a] Unidentified product: [&#39;b] (ML &#39;s))] Unidentified product: [&#39;s] Unidentified product: [list &#39;a] Unidentified product: [list &#39;b] (ML &#39;s)</code></pre></div>
-<p>[fold_left2 f x [y1; y2; ...; yn] [z1; z2; ...; zn]] computes (f (... (f x y1 z1) y2 z2 ... yn zn). Raises an exception if [y1; y2; ...] and [z1; z2; ...] have different lengths. (Thus, hides [List.Tot.fold_left2] which requires such a condition at type-checking time.) Named as in: OCaml</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> fold_right:Unidentified product: [(Unidentified product: [&#39;a] Unidentified product: [&#39;b] (ML &#39;b))] Unidentified product: [list &#39;a] Unidentified product: [&#39;b] (ML &#39;b)</code></pre></div>
-<p>[fold_right f [x1; x2; ...; xn] y] computes (f x1 (f x2 (... (f xn y)) ... )). (Hides [List.Tot.fold_right], which requires, at type-checking time, [f] to be a pure total function.) Named as in: OCaml, Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> List searching *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> filter:Unidentified product: [(Unidentified product: [&#39;a] (ML <span class="dt">bool</span>))] Unidentified product: [list &#39;a] (ML (list &#39;a))</code></pre></div>
-<p>[filter f l] returns [l] with all elements [x] such that [f x] does not hold removed. (Hides [List.Tot.filter] which requires, at type-checking time, [f] to be a pure total function.) Named as in: OCaml, Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> for_all:Unidentified product: [(Unidentified product: [&#39;a] (ML <span class="dt">bool</span>))] Unidentified product: [list &#39;a] (ML <span class="dt">bool</span>)</code></pre></div>
-<p>[for_all f l] returns [true] if, and only if, for all elements [x] appearing in [l], [f x] holds. (Hides [List.Tot.for_all], which requires, at type-checking time, [f] to be a pure total function.) Named as in: OCaml. Similar to: List.forallb in Coq</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> forall2:Unidentified product: [(Unidentified product: [&#39;a] Unidentified product: [&#39;b] (ML <span class="dt">bool</span>))] Unidentified product: [list &#39;a] Unidentified product: [list &#39;b] (ML <span class="dt">bool</span>)</code></pre></div>
-<p>[for_all f l1 l2] returns [true] if, and only if, for all elements [x1] appearing in [l1] and the element [x2] appearing in [l2] at the same position, [f x1 x2] holds. Raises an exception if [l1] and [l2] have different lengths. Similar to: List.for_all2 in OCaml. Similar to: List.Forall2 in Coq (which is propositional)</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> collect:Unidentified product: [(Unidentified product: [&#39;a] (ML (list &#39;b)))] Unidentified product: [list &#39;a] (ML (list &#39;b))</code></pre></div>
-<p>[collect f l] applies [f] to each element of [l] and returns the concatenation of the results, in the order of the original elements of [l]. It is equivalent to [flatten (map f l)]. (Hides [List.Tot.collect] which requires, at type-checking time, [f] to be a pure total function.) TODO: what is the difference with [concatMap]?</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> tryFind:Unidentified product: [(Unidentified product: [&#39;a] (ML <span class="dt">bool</span>))] Unidentified product: [list &#39;a] (ML (<span class="dt">option</span> &#39;a))</code></pre></div>
-<p>[tryFind f l] returns [Some x] for some element [x] appearing in [l] such that [f x] holds, or [None] only if no such [x] exists. (Hides [List.Tot.tryFind], which requires, at type-checking time, [f] to be a pure total function.)</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> tryPick:Unidentified product: [(Unidentified product: [&#39;a] (ML (<span class="dt">option</span> &#39;b)))] Unidentified product: [list &#39;a] (ML (<span class="dt">option</span> &#39;b))</code></pre></div>
-<p>[tryPick f l] returns [y] for some element [x] appearing in [l] such that [f x = Some y] for some y, or [None] only if [f x = None] for all elements [x] of [l]. (Hides [List.Tot.tryPick], which requires, at type-checking time, [f] to be a pure total function.)</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> choose:Unidentified product: [(Unidentified product: [&#39;a] (ML (<span class="dt">option</span> &#39;b)))] Unidentified product: [list &#39;a] (ML (list &#39;b))</code></pre></div>
-<p>[choose f l] returns the list of [y] for all elements [x] appearing in [l] such that [f x = Some y] for some [y]. (Hides [List.Tot.choose] which requires, at type-checking time, [f] to be a pure total function.)</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> partition:Unidentified product: [(Unidentified product: [&#39;a] (ML <span class="dt">bool</span>))] Unidentified product: [list &#39;a] (ML <span class="co">(*(list &#39;a, list &#39;a)))</span></code></pre></div>
-<p>[partition f l] returns the pair of lists [(l1, l2)] where all elements [x] of [l] are in [l1] if [f x] holds, and in [l2] otherwise. Both [l1] and [l2] retain the original order of [l]. (Hides [List.Tot.partition], which requires, at type-checking time, [f] to be a pure total function.)</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> List <span class="kw">of</span> tuples *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> zip:Unidentified product: [list &#39;a] Unidentified product: [list &#39;b] (ML (list <span class="co">(*(&#39;a, &#39;b))))</span></code></pre></div>
-<p>[zip] takes two lists [x1, ..., xn] and [y1, ..., yn] and returns the list of pairs [(x1, y1), ..., (xn, yn)]. Raises an exception if the two lists have different lengths. Named as in: Haskell</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Sorting (implemented <span class="kw">as</span> quicksort) *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> sortWith:Unidentified product: [(Unidentified product: [&#39;a] Unidentified product: [&#39;a] (ML <span class="dt">int</span>))] Unidentified product: [list &#39;a] (ML (list &#39;a))</code></pre></div>
-<p>[sortWith compare l] returns the list [l'] containing the elements of [l] sorted along the comparison function [compare], in such a way that if [compare x y &gt; 0], then [x] appears before [y] in [l']. (Hides [List.Tot.sortWith], which requires, at type-checking time, [compare] to be a pure total function.)</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> splitAt:Unidentified product: [nat] Unidentified product: [list &#39;a] (ML <span class="co">(*(list &#39;a, list &#39;a)))</span></code></pre></div>
-<p>[splitAt n l] returns the pair of lists [(l1, l2)] such that [l1] contains the first [n] elements of [l] and [l2] contains the rest. Raises an exception if [l] has fewer than [n] elements.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((filter_map (f:Unidentified product: [&#39;a] (ML (<span class="dt">option</span> &#39;b))) (l:list &#39;a)):(ML (list &#39;b))):<span class="kw">let</span> <span class="kw">rec</span> ((filter_map_acc (acc:list &#39;b) (l:list &#39;a)):(ML (list &#39;b)))=<span class="kw">match</span> l <span class="kw">with</span> []  -&gt; rev acc | (Prims<span class="kw">.</span>Cons hd tl)  -&gt; <span class="kw">match</span> f hd <span class="kw">with</span> (Some hd)  -&gt; filter_map_acc ((Prims<span class="kw">.</span>Cons hd acc)) tl | None  -&gt; filter_map_acc acc tl <span class="kw">in</span> filter_map_acc (Prims<span class="kw">.</span>Nil ) l</code></pre></div>
-<p>[filter_map f l] returns the list of [y] for all elements [x] appearing in [l] such that [f x = Some y] for some [y]. (Implemented here as a tail-recursive version of [choose]</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> index:Unidentified product: [(Unidentified product: [&#39;a] (ML <span class="dt">bool</span>))] Unidentified product: [list &#39;a] (ML <span class="dt">int</span>)</code></pre></div>
-<p>[index f l] returns the position index in list [l] of the first element [x] in [l] such that [f x] holds. Raises an exception if no such [x] exists. TODO: rename this function (it hides List.Tot.index which has a completely different semantics.)</p>
+<h1>
+<a id="user-content-fstarlist" class="anchor" href="#fstarlist" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.List</h1>
+<ul>
+<li>Opens module <a href="FStar.All.html">FStar.All</a>
+</li>
+<li>Includes module <a href="FStar.List.Tot.html">FStar.List.Tot</a>
+F* standard library List module.</li>
+</ul>
+<p>@summary F* stdlib List module.</p>
+<p>Base operations *</p>
+<h4>
+<a id="user-content-hd" class="anchor" href="#hd" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>hd</h4>
+<p><code>hd l</code> returns the first element of <code>l</code>. Raises an exception if
+<code>l</code> is empty (thus, <a href="#hd"><code>hd</code></a> hides <code>List.Tot.hd</code> which requires <code>l</code> to be
+nonempty at type-checking time.) Named as in: OCaml, F#, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">hd</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span>
+<span class="pl-k">let</span> <span class="pl-en">hd</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">hd</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>head of empty list<span class="pl-pds">"</span></span></pre></div>
+<h4>
+<a id="user-content-tail" class="anchor" href="#tail" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tail</h4>
+<p><code>tail l</code> returns <code>l</code> without its first element. Raises an
+exception if <code>l</code> is empty (thus, <a href="#tail"><code>tail</code></a> hides <code>List.Tot.tail</code> which
+requires <code>l</code> to be nonempty at type-checking time). Similar to: tl in
+OCaml, F#, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tail</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">tail</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tl</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>tail of empty list<span class="pl-pds">"</span></span></pre></div>
+<h4>
+<a id="user-content-tl" class="anchor" href="#tl" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tl</h4>
+<p><code>tl l</code> returns <code>l</code> without its first element. Raises an exception
+if <code>l</code> is empty (thus, <a href="#tl"><code>tl</code></a> hides <code>List.Tot.tl</code> which requires <code>l</code> to
+be nonempty at type-checking time). Named as in: tl in OCaml, F#, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tl</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">tl</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">tail</span> <span class="pl-en">l</span></pre></div>
+<h4>
+<a id="user-content-last" class="anchor" href="#last" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>last</h4>
+<p><code>last l</code> returns the last element of <code>l</code>. Requires, at
+type-checking time, that <code>l</code> be nonempty. Named as in: Haskell</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">last</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">last</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-en">hd</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">hd</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">last</span> <span class="pl-en">tl</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>last of empty list<span class="pl-pds">"</span></span></pre></div>
+<h4>
+<a id="user-content-init" class="anchor" href="#init" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>init</h4>
+<p><code>init l</code> returns <code>l</code> without its last element. Requires, at
+type-checking time, that <code>l</code> be nonempty. Named as in: Haskell</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">init</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">init</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-c1">_</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">hd</span><span class="pl-c1">::(</span><span class="pl-en">init</span> <span class="pl-en">tl</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>init of empty list<span class="pl-pds">"</span></span></pre></div>
+<p><code>nth l n</code> returns the <code>n</code>-th element in list <code>l</code> (with the first
+element being the 0-th) if <code>l</code> is long enough, or raises an exception
+otherwise (thus, <code>nth</code> hides <code>List.Tot.nth</code> which has <code>option</code> type.)
+Named as in: OCaml, F#, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">nth</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">nth</span> <span class="pl-en">l</span> <span class="pl-en">n</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">n</span> &lt; <span class="pl-c1">0</span> <span class="pl-k">then</span>
+    <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>nth takes a non-negative integer as input<span class="pl-pds">"</span></span>
+  <span class="pl-k">else</span>
+    <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span>
+      <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>not enough elements<span class="pl-pds">"</span></span>
+        <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">hd</span>
+    <span class="pl-k">else</span>
+      <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>not enough elements<span class="pl-pds">"</span></span>
+        <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">nth</span> <span class="pl-en">tl</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<p>Iterators *</p>
+<h4>
+<a id="user-content-iter" class="anchor" href="#iter" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>iter</h4>
+<p><code>iter f l</code> performs <code>f x</code> for each element <code>x</code> of <code>l</code>, in the
+order in which they appear in <code>l</code>. Named as in: OCaml, F# .</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">iter</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">iter</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">a</span> <span class="pl-k">in</span> <span class="pl-en">iter</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-iteri_aux" class="anchor" href="#iteri_aux" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>iteri_aux</h4>
+<p><code>iteri_aux n f l</code> performs, for each i, <code>f (i+n) x</code> for the i-th
+element <code>x</code> of <code>l</code>, in the order in which they appear in <code>l</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">iteri_aux</span><span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(int</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">iteri_aux</span> <span class="pl-en">i</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">i</span> <span class="pl-en">a</span><span class="pl-c1">;</span> <span class="pl-en">iteri_aux</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-iteri" class="anchor" href="#iteri" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>iteri</h4>
+<p><code>iteri_aux f l</code> performs, for each <code>i</code>, <code>f i x</code> for the i-th
+element <code>x</code> of <code>l</code>, in the order in which they appear in <code>l</code>. Named as
+in: OCaml</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">iteri</span><span class="pl-c1">:</span> <span class="pl-c1">(int</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">unit</span>
+<span class="pl-k">let</span> <span class="pl-en">iteri</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">iteri_aux</span> <span class="pl-c1">0</span> <span class="pl-en">f</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-map" class="anchor" href="#map" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>map</h4>
+<p><code>map f l</code> applies <code>f</code> to each element of <code>l</code> and returns the list
+of results, in the order of the original elements in <code>l</code>. (Hides
+<code>List.Tot.map</code> which requires, at type-checking time, <code>f</code> to be a pure
+total function.)  Named as in: OCaml, Coq, F#</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-mapt" class="anchor" href="#mapt" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mapT</h4>
+<p><code>mapT f l</code> applies <code>f</code> to each element of <code>l</code> and returns the list
+of results, in the order of the original elements in <code>l</code>. Requires, at
+type-checking time, <code>f</code> to be a pure total function.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mapT</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mapT</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.List.Tot.</span><span class="pl-en">map</span></pre></div>
+<h4>
+<a id="user-content-mapi_init" class="anchor" href="#mapi_init" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mapi_init</h4>
+<p><code>mapi_init f n l</code> applies, for each <code>k</code>, <code>f (n+k)</code> to the <code>k</code>-th
+element of <code>l</code> and returns the list of results, in the order of the
+original elements in <code>l</code>. (Hides <code>List.Tot.mapi_init</code> which requires,
+at type-checking time, <code>f</code> to be a pure total function.)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mapi_init</span><span class="pl-c1">:</span> <span class="pl-c1">(int</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mapi_init</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">i</span> <span class="pl-en">hd</span><span class="pl-c1">)::(</span><span class="pl-en">mapi_init</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-mapi" class="anchor" href="#mapi" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mapi</h4>
+<p><code>mapi f l</code> applies, for each <code>k</code>, <code>f k</code> to the <code>k</code>-th element of
+<code>l</code> and returns the list of results, in the order of the original
+elements in <code>l</code>. (Hides <code>List.Tot.mapi</code> which requires, at
+type-checking time, <code>f</code> to be a pure total function.) Named as in:
+OCaml</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mapi</span><span class="pl-c1">:</span> <span class="pl-c1">(int</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mapi</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">mapi_init</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">0</span></pre></div>
+<p><code>concatMap f l</code> applies <code>f</code> to each element of <code>l</code> and returns the
+concatenation of the results, in the order of the original elements of
+<code>l</code>. This is equivalent to <code>flatten (map f l)</code>. (Hides
+<code>List.Tot.concatMap</code>, which requires, at type-checking time, <code>f</code> to be
+a pure total function.)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">concatMap</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">concatMap</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">fa</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">a</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">ftl</span> <span class="pl-c1">=</span> <span class="pl-en">concatMap</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-k">in</span>
+    <span class="pl-en">fa</span> @ <span class="pl-en">ftl</span></pre></div>
+<h4>
+<a id="user-content-map2" class="anchor" href="#map2" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>map2</h4>
+<p><code>map2 f l1 l2</code> computes <code>f x1 x2</code> for each element x1 of <code>l1</code> and
+the element <code>x2</code> of <code>l2</code> at the same position, and returns the list of
+such results, in the order of the original elements in <code>l1</code>. Raises an
+exception if <code>l1</code> and <code>l2</code> have different lengths.  Named as in: OCaml</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'c</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map2</span> <span class="pl-en">f</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd1</span><span class="pl-c1">::</span><span class="pl-en">tl1</span><span class="pl-c1">,</span> <span class="pl-en">hd2</span><span class="pl-c1">::</span><span class="pl-en">tl2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">hd1</span> <span class="pl-en">hd2</span><span class="pl-c1">)::(</span><span class="pl-en">map2</span> <span class="pl-en">f</span> <span class="pl-en">tl1</span> <span class="pl-en">tl2</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>The lists do not have the same length<span class="pl-pds">"</span></span></pre></div>
+<h4>
+<a id="user-content-map3" class="anchor" href="#map3" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>map3</h4>
+<p><code>map3 f l1 l2 l3</code> computes <code>f x1 x2 x3</code> for each element x1 of
+<code>l1</code> and the element <code>x2</code> of <code>l2</code> and the element <code>x3</code> of <code>l3</code> at the
+same position, and returns the list of such results, in the order of
+the original elements in <code>l1</code>. Raises an exception if <code>l1</code>, <code>l2</code> and
+<code>l3</code> have different lengths.  Named as in: OCaml</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map3</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'d</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'d</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map3</span> <span class="pl-en">f</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-en">l3</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span><span class="pl-c1">,</span> <span class="pl-en">l3</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-c1">[],</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd1</span><span class="pl-c1">::</span><span class="pl-en">tl1</span><span class="pl-c1">,</span> <span class="pl-en">hd2</span><span class="pl-c1">::</span><span class="pl-en">tl2</span><span class="pl-c1">,</span> <span class="pl-en">hd3</span><span class="pl-c1">::</span><span class="pl-en">tl3</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">hd1</span> <span class="pl-en">hd2</span> <span class="pl-en">hd3</span><span class="pl-c1">)::(</span><span class="pl-en">map3</span> <span class="pl-en">f</span> <span class="pl-en">tl1</span> <span class="pl-en">tl2</span> <span class="pl-en">tl3</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>The lists do not have the same length<span class="pl-pds">"</span></span></pre></div>
+<h4>
+<a id="user-content-fold_left" class="anchor" href="#fold_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>fold_left</h4>
+<p><code>fold_left f x </code>y1; y2; ...; yn`` computes (f (... (f x y1) y2)
+... yn). (Hides <code>List.Tot.fold_left</code>, which requires, at type-checking
+time, `f` to be a pure total function.) Named as in: OCaml, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fold_left</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold_left</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">y</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fold_left</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">hd</span><span class="pl-c1">)</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-fold_left2" class="anchor" href="#fold_left2" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>fold_left2</h4>
+<p><code>fold_left2 f x </code>y1; y2; ...; yn<code> </code>z1; z2; ...; zn`` computes (f
+(... (f x y1 z1) y2 z2 ... yn zn). Raises an exception if [y1; y2;
+...<code>and</code>z1; z2; ...` have different lengths. (Thus, hides
+`List.Tot.fold_left2` which requires such a condition at type-checking
+time.) Named as in: OCaml</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fold_left2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'s</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'s</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'s</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'s</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold_left2</span> <span class="pl-en">f</span> <span class="pl-en">a</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd1</span><span class="pl-c1">::</span><span class="pl-en">tl1</span><span class="pl-c1">,</span> <span class="pl-en">hd2</span><span class="pl-c1">::</span><span class="pl-en">tl2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fold_left2</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">a</span> <span class="pl-en">hd1</span> <span class="pl-en">hd2</span><span class="pl-c1">)</span> <span class="pl-en">tl1</span> <span class="pl-en">tl2</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>The lists do not have the same length<span class="pl-pds">"</span></span></pre></div>
+<h4>
+<a id="user-content-fold_right" class="anchor" href="#fold_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>fold_right</h4>
+<p><code>fold_right f </code>x1; x2; ...; xn<code> y</code> computes (f x1 (f x2 (... (f xn
+y)) ... )). (Hides <code>List.Tot.fold_right</code>, which requires, at
+type-checking time, <code>f</code> to be a pure total function.) Named as in:
+OCaml, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fold_right</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold_right</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-c1">(</span><span class="pl-en">fold_right</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<p>List searching *</p>
+<h4>
+<a id="user-content-filter" class="anchor" href="#filter" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>filter</h4>
+<p><code>filter f l</code> returns <code>l</code> with all elements <code>x</code> such that <code>f x</code>
+does not hold removed. (Hides <code>List.Tot.filter</code> which requires, at
+type-checking time, <code>f</code> to be a pure total function.) Named as in:
+OCaml, Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">filter</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">filter</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">then</span> <span class="pl-en">hd</span><span class="pl-c1">::(</span><span class="pl-en">filter</span> <span class="pl-en">f</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-k">else</span> <span class="pl-en">filter</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-for_all" class="anchor" href="#for_all" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>for_all</h4>
+<p><code>for_all f l</code> returns <code>true</code> if, and only if, for all elements <code>x</code>
+appearing in <code>l</code>, <code>f x</code> holds. (Hides <code>List.Tot.for_all</code>, which
+requires, at type-checking time, <code>f</code> to be a pure total function.)
+Named as in: OCaml. Similar to: List.forallb in Coq</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">for_all</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">for_all</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">then</span> <span class="pl-en">for_all</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-k">else</span> <span class="pl-c1">false</span></pre></div>
+<h4>
+<a id="user-content-forall2" class="anchor" href="#forall2" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>forall2</h4>
+<p><code>for_all f l1 l2</code> returns <code>true</code> if, and only if, for all elements
+<code>x1</code> appearing in <code>l1</code> and the element <code>x2</code> appearing in <code>l2</code> at the
+same position, <code>f x1 x2</code> holds. Raises an exception if <code>l1</code> and <code>l2</code>
+have different lengths. Similar to: List.for_all2 in OCaml. Similar
+to: List.Forall2 in Coq (which is propositional)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">forall2</span> <span class="pl-en">f</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span><span class="pl-c1">,</span><span class="pl-en">l2</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd1</span><span class="pl-c1">::</span><span class="pl-en">tl1</span><span class="pl-c1">,</span> <span class="pl-en">hd2</span><span class="pl-c1">::</span><span class="pl-en">tl2</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-en">hd1</span> <span class="pl-en">hd2</span> <span class="pl-k">then</span> <span class="pl-en">forall2</span> <span class="pl-en">f</span> <span class="pl-en">tl1</span> <span class="pl-en">tl2</span> <span class="pl-k">else</span> <span class="pl-c1">false</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>The lists do not have the same length<span class="pl-pds">"</span></span></pre></div>
+<h4>
+<a id="user-content-collect" class="anchor" href="#collect" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>collect</h4>
+<p><code>collect f l</code> applies <code>f</code> to each element of <code>l</code> and returns the
+concatenation of the results, in the order of the original elements of
+<code>l</code>. It is equivalent to <code>flatten (map f l)</code>. (Hides
+<code>List.Tot.collect</code> which requires, at type-checking time, <code>f</code> to be a
+pure total function.) TODO: what is the difference with <code>concatMap</code>?</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">hd</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">tl</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-tryfind" class="anchor" href="#tryfind" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tryFind</h4>
+<p><code>tryFind f l</code> returns <code>Some x</code> for some element <code>x</code> appearing in
+<code>l</code> such that <code>f x</code> holds, or <code>None</code> only if no such <code>x</code>
+exists. (Hides <code>List.Tot.tryFind</code>, which requires, at type-checking
+time, <code>f</code> to be a pure total function.)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tryFind</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">tryFind</span> <span class="pl-en">p</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">p</span> <span class="pl-en">hd</span> <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-en">hd</span> <span class="pl-k">else</span> <span class="pl-en">tryFind</span> <span class="pl-en">p</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-trypick" class="anchor" href="#trypick" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tryPick</h4>
+<p><code>tryPick f l</code> returns <code>y</code> for some element <code>x</code> appearing in <code>l</code>
+such that <code>f x = Some y</code> for some y, or <code>None</code> only if <code>f x = None</code>
+for all elements <code>x</code> of <code>l</code>. (Hides <code>List.Tot.tryPick</code>, which
+requires, at type-checking time, <code>f</code> to be a pure total function.)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tryPick</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">tryPick</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">with</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tryPick</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-choose" class="anchor" href="#choose" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>choose</h4>
+<p><code>choose f l</code> returns the list of <code>y</code> for all elements <code>x</code>
+appearing in <code>l</code> such that <code>f x = Some y</code> for some <code>y</code>. (Hides
+<code>List.Tot.choose</code> which requires, at type-checking time, <code>f</code> to be a
+pure total function.)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">choose</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">choose</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">with</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">::(</span><span class="pl-en">choose</span> <span class="pl-en">f</span> <span class="pl-en">tl</span><span class="pl-c1">)</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">choose</span> <span class="pl-en">f</span> <span class="pl-en">tl</span></pre></div>
+<h4>
+<a id="user-content-partition" class="anchor" href="#partition" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>partition</h4>
+<p><code>partition f l</code> returns the pair of lists <code>(l1, l2)</code> where all
+elements <code>x</code> of <code>l</code> are in <code>l1</code> if <code>f x</code> holds, and in <code>l2</code>
+otherwise. Both <code>l1</code> and <code>l2</code> retain the original order of <code>l</code>. (Hides
+<code>List.Tot.partition</code>, which requires, at type-checking time, <code>f</code> to be
+a pure total function.)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">partition</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> * <span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">partition</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[],</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+     <span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">partition</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-k">in</span>
+     <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-en">hd</span>
+     <span class="pl-k">then</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span>
+     <span class="pl-k">else</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">l2</span></pre></div>
+<p>List of tuples *</p>
+<h4>
+<a id="user-content-zip" class="anchor" href="#zip" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>zip</h4>
+<p><a href="#zip"><code>zip</code></a> takes two lists <code>x1, ..., xn</code> and <code>y1, ..., yn</code> and returns
+the list of pairs <code>(x1, y1), ..., (xn, yn)</code>. Raises an exception if
+the two lists have different lengths. Named as in: Haskell</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zip</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> * <span class="pl-smi">'b</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">zip</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span><span class="pl-c1">,</span><span class="pl-en">l2</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd1</span><span class="pl-c1">::</span><span class="pl-en">tl1</span><span class="pl-c1">,</span> <span class="pl-en">hd2</span><span class="pl-c1">::</span><span class="pl-en">tl2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">hd1</span><span class="pl-c1">,</span><span class="pl-en">hd2</span><span class="pl-c1">)::(</span><span class="pl-en">zip</span> <span class="pl-en">tl1</span> <span class="pl-en">tl2</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>The lists do not have the same length<span class="pl-pds">"</span></span></pre></div>
+<p>Sorting (implemented as quicksort) *</p>
+<h4>
+<a id="user-content-sortwith" class="anchor" href="#sortwith" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sortWith</h4>
+<p><code>sortWith compare l</code> returns the list <code>l'</code> containing the elements
+of <code>l</code> sorted along the comparison function <code>compare</code>, in such a way
+that if <code>compare x y &gt; 0</code>, then <code>x</code> appears before <code>y</code> in <code>l'</code>. (Hides
+<code>List.Tot.sortWith</code>, which requires, at type-checking time, <code>compare</code>
+to be a pure total function.)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sortWith</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">pivot</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+     <span class="pl-k">let</span> <span class="pl-en">hi</span><span class="pl-c1">,</span> <span class="pl-en">lo</span>  <span class="pl-c1">=</span> <span class="pl-en">partition</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">pivot</span> <span class="pl-en">x</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-en">tl</span> <span class="pl-k">in</span>
+     <span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">lo</span>@<span class="pl-c1">(</span><span class="pl-en">pivot</span><span class="pl-c1">::</span><span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">hi</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-splitat" class="anchor" href="#splitat" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>splitAt</h4>
+<p><code>splitAt n l</code> returns the pair of lists <code>(l1, l2)</code> such that <code>l1</code>
+contains the first <code>n</code> elements of <code>l</code> and <code>l2</code> contains the
+rest. Raises an exception if <code>l</code> has fewer than <code>n</code> elements.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">splitAt</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span> * <span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">splitAt</span> <span class="pl-en">n</span> <span class="pl-en">l</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">[],</span> <span class="pl-en">l</span>
+  <span class="pl-k">else</span>
+    <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">[]</span>     <span class="pl-c1">-&gt;</span> <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>splitAt index is more that list length<span class="pl-pds">"</span></span>
+      <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">splitAt</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">tl</span> <span class="pl-k">in</span>
+        <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span></pre></div>
+<h4>
+<a id="user-content-filter_map_acc" class="anchor" href="#filter_map_acc" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>filter_map_acc</h4>
+<p><code>filter_map f l</code> returns the list of <code>y</code> for all elements <code>x</code>
+appearing in <code>l</code> such that <code>f x = Some y</code> for some <code>y</code>. (Implemented
+here as a tail-recursive version of <a href="#choose"><code>choose</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">filter_map</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">filter_map_acc</span> <span class="pl-c1">(</span><span class="pl-en">acc</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">rev</span> <span class="pl-en">acc</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">with</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">hd</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-en">filter_map_acc</span> <span class="pl-c1">(</span><span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">acc</span><span class="pl-c1">)</span> <span class="pl-en">tl</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-en">filter_map_acc</span> <span class="pl-en">acc</span> <span class="pl-en">tl</span>
+  <span class="pl-k">in</span>
+  <span class="pl-en">filter_map_acc</span> <span class="pl-c1">[]</span> <span class="pl-en">l</span></pre></div>
+<h4>
+<a id="user-content-index" class="anchor" href="#index" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>index</h4>
+<p><code>index f l</code> returns the position index in list <code>l</code> of the first
+element <code>x</code> in <code>l</code> such that <code>f x</code> holds. Raises an exception if no
+such <code>x</code> exists. TODO: rename this function (it hides List.Tot.index
+which has a completely different semantics.)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">index</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">int</span>
+<span class="pl-k">let</span> <span class="pl-en">index</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span> <span class="pl-c1">:</span> <span class="pl-c1">ML</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>List.index: not found<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">then</span>
+          <span class="pl-en">i</span>
+        <span class="pl-k">else</span>
+          <span class="pl-en">index</span> <span class="pl-en">tl</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span>
+  <span class="pl-k">in</span>
+  <span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-c1">0</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.MRef.html b/docs/FStar.MRef.html
index 1d5da0e..50801e9 100644
--- a/docs/FStar.MRef.html
+++ b/docs/FStar.MRef.html
@@ -1,16 +1,45 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.MRef</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.mref">module FStar.MRef</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarmref" class="anchor" href="#fstarmref" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.MRef</h1>
+<ul>
+<li>
+<p>Opens module <a href="FStar.Heap.html">FStar.Heap</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.ST.html">FStar.ST</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Preorder.html">FStar.Preorder</a></p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">stable</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Preorder.</span><span class="pl-en">stable</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">token</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type){</span><span class="pl-en">stable</span> <span class="pl-en">p</span> <span class="pl-en">b</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">witness_token</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type){</span><span class="pl-en">stable</span> <span class="pl-en">p</span> <span class="pl-en">b</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">ST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">m</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span><span class="pl-c1">==</span><span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">token</span> <span class="pl-en">m</span> <span class="pl-en">p</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">recall_token</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type){</span><span class="pl-en">stable</span> <span class="pl-en">p</span> <span class="pl-en">b</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">ST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>  <span class="pl-en">token</span> <span class="pl-en">m</span> <span class="pl-en">p</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span><span class="pl-c1">==</span><span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">m</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">spred</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type){</span><span class="pl-smi">Preorder.</span><span class="pl-en">stable</span> <span class="pl-en">p</span> <span class="pl-en">rel</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_functoriality</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">spred</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">token</span> <span class="pl-en">r</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">token</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">))</span></pre></div>
+<p>KM : These don't have much to do here...</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">recall</span><span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type){</span><span class="pl-c1">ST</span><span class="pl-c1">.</span><span class="pl-en">stable</span> <span class="pl-en">p</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">ST</span> <span class="pl-c1">unit</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>  <span class="pl-en">witnessed</span> <span class="pl-en">p</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span> <span class="pl-c1">==</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">p</span> <span class="pl-en">h1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">witness</span><span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type){</span><span class="pl-c1">ST</span><span class="pl-c1">.</span><span class="pl-en">stable</span> <span class="pl-en">p</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">ST</span> <span class="pl-c1">unit</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">h0</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span><span class="pl-c1">==</span><span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-en">p</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Map.html b/docs/FStar.Map.html
index 45a54a8..8c50974 100644
--- a/docs/FStar.Map.html
+++ b/docs/FStar.Map.html
@@ -1,57 +1,134 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Map</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.map">module FStar.Map</h1>
-<p>FStar.Map provides a polymorphic, partial map from keys to</p>
-<p>values, where keys support decidable equality.</p>
+<h1>
+<a id="user-content-fstarmap" class="anchor" href="#fstarmap" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Map</h1>
+<ul>
+<li>Aliases module <a href="FStar.Set.html"> FStar.Set</a> as <code>S </code>
+@summary FStar.Map provides a polymorphic, partial map from keys to
+values, where keys support decidable equality.</li>
+</ul>
 <p><code>m:Map.t key value</code> is a partial map from <code>key</code> to <code>value</code></p>
 <p>A distinctive feature of the library is in its model of partiality.</p>
-<p>A map can be seen as a pair of: 1. a total map <code>key -&gt; Tot value</code> 2. a set of keys that record the domain of the map</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">* Extensional equality **</code></pre></div>
+<p>A map can be seen as a pair of:</p>
+<ol>
+<li>a total map <code>key -&gt; Tot value</code>
+</li>
+<li>a set of keys that record the domain of the map</li>
+</ol>
+<p>Map.t key value: The main type provided by this module</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-en">key</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span></pre></div>
+<p>sel m k : Look up key <code>k</code> in map <code>m</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">value</span></pre></div>
+<p>upd m k v : A map identical to <code>m</code> except mapping <code>k</code> to <code>v</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">upd</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span></pre></div>
+<p>const v : A constant map mapping all keys to <code>v</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">const</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span></pre></div>
+<p>domain m : The set of keys on which this partial map is defined</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">domain</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">set</span> <span class="pl-en">key</span><span class="pl-c1">)</span></pre></div>
+<p>contains m k: Decides if key <code>k</code> is in the map <code>m</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">contains</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span></pre></div>
+<p>concat m1 m2 :
+A map whose domain is the union of the domains of <code>m1</code> and <code>m2</code>.</p>
+<pre><code> Maps every key `k` in the domain of `m1` to `sel m1 k`
+ and all other keys to `sel m2 k`.
+</code></pre>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">concat</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span></pre></div>
+<p>map_val f m:
+A map whose domain is the same as <code>m</code> but all values have
+<code>f</code> applied to them.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map_val</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">val1</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">val2</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">val1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">val2</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">val1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">val2</span><span class="pl-c1">)</span></pre></div>
+<p>restrict s m:
+Restricts the domain of <code>m</code> to (domain m <code>intersect</code> s)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">restrict</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">S.</span><span class="pl-en">set</span> <span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span></pre></div>
+<p>const_on dom v: A defined notion, for convenience
+A partial constant map on dom</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">const_on</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">dom</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">set</span> <span class="pl-en">key</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">value</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span>
+  <span class="pl-c1">=</span> <span class="pl-en">restrict</span> <span class="pl-en">dom</span> <span class="pl-c1">(</span><span class="pl-en">const</span> <span class="pl-en">v</span><span class="pl-c1">)</span></pre></div>
+<p>disjoint_dom m1 m2:
+Disjoint domains. TODO: its pattern is biased towards <code>m1</code>. Why?</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">disjoint_dom</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">m1</span> <span class="pl-en">x</span><span class="pl-c1">)</span><span class="pl-c"><span class="pl-c">(*</span> ; (contains m2 x) <span class="pl-c">*)</span></span><span class="pl-c1">}</span> <span class="pl-en">contains</span> <span class="pl-en">m1</span> <span class="pl-en">x</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">m2</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<p>has_dom m dom: A relational version of the <code>domain m</code> function</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">has_dom</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">dom</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">set</span> <span class="pl-en">key</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-smi">S.</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">dom</span></pre></div>
+<p>Properties about map functions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_SelUpd1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">value</span> <span class="pl-c1">-&gt;</span>
+                   <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">v</span><span class="pl-c1">))</span>
+                   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_SelUpd2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k1</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k2</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">value</span> <span class="pl-c1">-&gt;</span>
+                   <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">k2</span><span class="pl-c1">=</span>!<span class="pl-c1">=</span><span class="pl-en">k1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k2</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k1</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">m</span> <span class="pl-en">k1</span><span class="pl-c1">))</span>
+                   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k2</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k1</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_SelConst</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span>
+                    <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">const</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">v</span><span class="pl-c1">))</span>
+                    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">const</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_SelRestrict</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">ks</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">set</span> <span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span>
+                       <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">mem</span> <span class="pl-en">k</span> <span class="pl-en">ks</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">restrict</span> <span class="pl-en">ks</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">m</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+                       <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">restrict</span> <span class="pl-en">ks</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_SelConcat1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span>
+                      <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">m2</span> <span class="pl-en">k</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">concat</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">==</span><span class="pl-en">sel</span> <span class="pl-en">m2</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+                      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">concat</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_SelConcat2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span>
+                      <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">not</span><span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">m2</span> <span class="pl-en">k</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">concat</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">==</span><span class="pl-en">sel</span> <span class="pl-en">m1</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+                      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">concat</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_SelMapVal</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">val1</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">val2</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">val1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">val2</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">val1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span>
+                     <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">map_val</span> <span class="pl-en">f</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">m</span> <span class="pl-en">k</span><span class="pl-c1">)))</span>
+                     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">map_val</span> <span class="pl-en">f</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_InDomUpd1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k1</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k2</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">value</span> <span class="pl-c1">-&gt;</span>
+                     <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k1</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k2</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">k1</span><span class="pl-c1">=</span><span class="pl-en">k2</span> <span class="pl-c1">||</span> <span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">k2</span><span class="pl-c1">)))</span>
+                     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k1</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_InDomUpd2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k1</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k2</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">value</span> <span class="pl-c1">-&gt;</span>
+                     <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">k2</span><span class="pl-c1">=</span>!<span class="pl-c1">=</span><span class="pl-en">k1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k2</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k1</span> <span class="pl-c1">==</span> <span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">k1</span><span class="pl-c1">))</span>
+                     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k2</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k1</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_InDomConstMap</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span>
+                         <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">const</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+                         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">const</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_InDomConcat</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span>
+                 <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">concat</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">==(</span><span class="pl-en">contains</span> <span class="pl-en">m1</span> <span class="pl-en">k</span> <span class="pl-c1">||</span> <span class="pl-en">contains</span> <span class="pl-en">m2</span> <span class="pl-en">k</span><span class="pl-c1">)))</span>
+                 <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">concat</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_InMapVal</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">val1</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">val2</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">val1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">val2</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">val1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span>
+                    <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">map_val</span> <span class="pl-en">f</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+                    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">map_val</span> <span class="pl-en">f</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_InDomRestrict</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">ks</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">set</span> <span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span>
+                         <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">restrict</span> <span class="pl-en">ks</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">mem</span> <span class="pl-en">k</span> <span class="pl-en">ks</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">k</span><span class="pl-c1">)))</span>
+                         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">restrict</span> <span class="pl-en">ks</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_ContainsDom</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">k</span> <span class="pl-c1">=</span> <span class="pl-smi">S.</span><span class="pl-en">mem</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-en">domain</span> <span class="pl-en">m</span><span class="pl-c1">)))</span>
+                      <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span><span class="pl-c1">[[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">k</span><span class="pl-c1">)];</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">mem</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-en">domain</span> <span class="pl-en">m</span><span class="pl-c1">))]]]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_UpdDomain</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">key</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">value</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">domain</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">union</span> <span class="pl-c1">(</span><span class="pl-en">domain</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">singleton</span> <span class="pl-en">k</span><span class="pl-c1">))))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">domain</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">m</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">))]</span></pre></div>
+<h3>
+<a id="user-content-extensional-equality-" class="anchor" href="#extensional-equality-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Extensional equality **</h3>
+<p>equal m1 m2:
+Maps <code>m1</code> and <code>m2</code> have the same domain and
+and are pointwise equal on that domain.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">equal</span> <span class="pl-c1">(#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">value</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span></pre></div>
+<p>lemma_equal_intro:
+Introducing <code>equal m1 m2</code> by showing maps to be pointwise equal on the same domain</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_equal_intro</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span>
+                       <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">k</span><span class="pl-c1">.</span> <span class="pl-en">sel</span> <span class="pl-en">m1</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">m2</span> <span class="pl-en">k</span> <span class="pl-c1">/\</span>
+                                             <span class="pl-en">contains</span> <span class="pl-en">m1</span> <span class="pl-en">k</span> <span class="pl-c1">=</span> <span class="pl-en">contains</span> <span class="pl-en">m2</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+                             <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">))</span>
+                             <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">)]</span></pre></div>
+<p>lemma_equal_elim:
+Eliminating <code>equal m1 m2</code> to provable equality of maps
+Internally, this involves a use of functional extensionality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_equal_elim</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span>
+                      <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-en">m2</span><span class="pl-c1">))</span>
+                            <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>use lemma_equal_elim<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">lemma_equal_refl</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">key</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">value</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">key</span> <span class="pl-en">value</span> <span class="pl-c1">-&gt;</span>
+                      <span class="pl-c1">Lemma</span>  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-en">m2</span><span class="pl-c1">))</span>
+                             <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.MarkovsPrinciple.html b/docs/FStar.MarkovsPrinciple.html
index b4d56ad..7c02c4e 100644
--- a/docs/FStar.MarkovsPrinciple.html
+++ b/docs/FStar.MarkovsPrinciple.html
@@ -1,16 +1,21 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.MarkovsPrinciple</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.markovsprinciple">module FStar.MarkovsPrinciple</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarmarkovsprinciple" class="anchor" href="#fstarmarkovsprinciple" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.MarkovsPrinciple</h1>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">markovs_principle</span> <span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:(nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Ghost</span> <span class="pl-c1">nat</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(~(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat).</span> <span class="pl-c1">~(</span><span class="pl-en">p</span> <span class="pl-en">n</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<p>here is a stronger variant of Markov's principle
+(might be as strong as indefinite description?)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">stronger_markovs_principle</span> <span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:(nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Ghost</span> <span class="pl-c1">nat</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(~(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat).</span> <span class="pl-c1">~(</span><span class="pl-en">p</span> <span class="pl-en">n</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Math.Euclid.html b/docs/FStar.Math.Euclid.html
index 37de926..ade5315 100644
--- a/docs/FStar.Math.Euclid.html
+++ b/docs/FStar.Math.Euclid.html
@@ -1,16 +1,108 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Math.Euclid</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.math.euclid">module FStar.Math.Euclid</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarmatheuclid" class="anchor" href="#fstarmatheuclid" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Math.Euclid</h1>
+<ul>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--fuel 0 --ifuel 0 --z3rlimit 40</span>"</pre></div>
+<blockquote>
+<p>Divides relation</p>
+<p>It is reflexive, transitive, and antisymmetric up to sign.
+When a &lt;&gt; 0, a <code>divides</code> b iff a % b = 0 (this is proved below)</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">divides</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span> <span class="pl-k">exists</span> <span class="pl-en">q</span><span class="pl-c1">.</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">q</span> * <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">divides_reflexive</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">a</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">divides_transitive</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span> <span class="pl-en">b</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">a</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">divide_antisym</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span> <span class="pl-en">b</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-c1">\/</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">-</span><span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">divides_0</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-c1">0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">divides_1</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span> <span class="pl-c1">\/</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">divides_minus</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">a</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-c1">(-</span><span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">divides_opp</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(-</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">divides_plus</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">d</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">d</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">d</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">divides_sub</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">d</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">d</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">d</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">divides_mult_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">d</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">d</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<blockquote>
+<p>Greatest Common Divisor (GCD) relation</p>
+<p>We deviate from the standard definition in that we allow the divisor to
+be negative. Thus, the GCD of two integers is unique up to sign.</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_gcd</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span>
+  <span class="pl-en">d</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span>
+  <span class="pl-en">d</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">d</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mod_divides</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">nonzero</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> % <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">b</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">divides_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">nonzero</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">b</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> % <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_gcd_unique</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-en">d</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">is_gcd</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">/\</span> <span class="pl-en">is_gcd</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">d</span> <span class="pl-c1">\/</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">-</span><span class="pl-en">d</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_gcd_reflexive</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">is_gcd</span> <span class="pl-en">a</span> <span class="pl-en">a</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_gcd_symmetric</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">is_gcd</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">is_gcd</span> <span class="pl-en">b</span> <span class="pl-en">a</span> <span class="pl-en">d</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_gcd_0</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">is_gcd</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_gcd_1</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">is_gcd</span> <span class="pl-en">a</span> <span class="pl-c1">1</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_gcd_minus</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">is_gcd</span> <span class="pl-en">a</span> <span class="pl-c1">(-</span><span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">d</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">is_gcd</span> <span class="pl-en">b</span> <span class="pl-en">a</span> <span class="pl-en">d</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_gcd_opp</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">is_gcd</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">is_gcd</span> <span class="pl-en">b</span> <span class="pl-en">a</span> <span class="pl-c1">(-</span><span class="pl-en">d</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_gcd_plus</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">q</span> <span class="pl-en">d</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">is_gcd</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">is_gcd</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">q</span> * <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">d</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Extended Euclidean algorithm</p>
+<p>Computes the GCD of two integers (a, b) together with Bézout coefficients
+(r, s) satisfying r a + s b = gcd(a, b)</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">euclid_gcd</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(int</span> <span class="pl-c1">&amp;</span> <span class="pl-c1">int</span> <span class="pl-c1">&amp;</span> <span class="pl-c1">int)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-en">s</span><span class="pl-c1">,</span> <span class="pl-en">d</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> * <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">s</span> * <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">d</span> <span class="pl-c1">/\</span> <span class="pl-en">is_gcd</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>A definition of primality based on the divides relation</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_prime</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:int)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">1</span> &lt; <span class="pl-en">p</span> <span class="pl-c1">/\</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">:int).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">d</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">p</span><span class="pl-c1">)}</span>
+     <span class="pl-c1">(</span><span class="pl-en">d</span> <span class="pl-c1">`</span><span class="pl-en">divides</span><span class="pl-c1">`</span> <span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">d</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span> <span class="pl-c1">\/</span> <span class="pl-en">d</span> <span class="pl-c1">=</span> <span class="pl-c1">-</span><span class="pl-c1">1</span> <span class="pl-c1">\/</span> <span class="pl-en">d</span> <span class="pl-c1">=</span> <span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">d</span> <span class="pl-c1">=</span> <span class="pl-c1">-</span><span class="pl-en">p</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bezout_prime</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:pos{</span><span class="pl-en">a</span> &lt; <span class="pl-en">p</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(int</span> <span class="pl-c1">&amp;</span> <span class="pl-c1">int)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">is_prime</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> * <span class="pl-en">p</span> <span class="pl-c1">+</span> <span class="pl-en">s</span> * <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Euclid's lemma and its generalization to arbitrary integers</p>
+<ul>
+<li>If a prime p divides a*b, then it must divide at least one of a or b</li>
+<li>If n divides a*b and a,n are coprime then n divides b</li>
+</ul>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">euclid</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">r</span> <span class="pl-en">s</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">r</span> * <span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-en">s</span> * <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">b</span> % <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">euclid_prime</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:int{</span><span class="pl-en">is_prime</span> <span class="pl-en">p</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">a</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">\/</span> <span class="pl-en">b</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Math.Fermat.html b/docs/FStar.Math.Fermat.html
index 2d74dca..d1b4268 100644
--- a/docs/FStar.Math.Fermat.html
+++ b/docs/FStar.Math.Fermat.html
@@ -1,16 +1,40 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Math.Fermat</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.math.fermat">module FStar.Math.Fermat</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarmathfermat" class="anchor" href="#fstarmathfermat" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Math.Fermat</h1>
+<ul>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+<li>Opens module <a href="FStar.Math.Euclid.html">FStar.Math.Euclid</a>
+</li>
+</ul>
+<blockquote>
+<p>Fermat's Little Theorem (and Binomial Theorem)</p>
+<p>Proven by induction from the Freshman's dream identity</p>
+<p>pow (a + b) p % p = (pow a p + pow b p) % p</p>
+<p>which follows from the Binomial Theorem</p>
+<p>pow (a + b) n = sum_{i=0}^n (binomial n k * pow a (n - i) * pow b i)</p>
+<p>which in turn can be proved by induction from Pascal's identity</p>
+<p>binomial n k + binomial n (k - 1) = binomial (n + 1) k</p>
+<p>See
+<a href="https://github.com/coqtail/coqtail/blob/master/src/Hierarchy/Commutative_ring_binomial.v">https://github.com/coqtail/coqtail/blob/master/src/Hierarchy/Commutative_ring_binomial.v</a>
+<a href="https://github.com/coq-contribs/rsa/blob/master/Binomials.v">https://github.com/coq-contribs/rsa/blob/master/Binomials.v</a></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--fuel 0 --ifuel 0</span>"</pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">pow</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">k</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">1</span>
+  <span class="pl-k">else</span> <span class="pl-en">a</span> * <span class="pl-en">pow</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fermat</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:int{</span><span class="pl-en">is_prime</span> <span class="pl-en">p</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">a</span> <span class="pl-en">p</span> % <span class="pl-en">p</span> <span class="pl-c1">==</span> <span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mod_mult_congr</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:int{</span><span class="pl-en">is_prime</span> <span class="pl-en">p</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">c</span> % <span class="pl-en">p</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">a</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> % <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fermat_alt</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:int{</span><span class="pl-en">is_prime</span> <span class="pl-en">p</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int{</span><span class="pl-en">a</span> % <span class="pl-en">p</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> % <span class="pl-en">p</span> <span class="pl-c1">==</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Math.Lemmas.html b/docs/FStar.Math.Lemmas.html
index 93d7bec..4a38701 100644
--- a/docs/FStar.Math.Lemmas.html
+++ b/docs/FStar.Math.Lemmas.html
@@ -1,57 +1,815 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Math.Lemmas</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.math.lemmas">module FStar.Math.Lemmas</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> modulo_lemma:Unidentified product: [a:nat] Unidentified product: [b:pos] (Lemma ((requires (&lt;(a, b)))) ((ensures (=(%(a, b), a)))))</code></pre></div>
+<h1>
+<a id="user-content-fstarmathlemmas" class="anchor" href="#fstarmathlemmas" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Math.Lemmas</h1>
+<ul>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+<li>Opens module <a href="FStar.Math.Lib.html">FStar.Math.Lib</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--fuel 0 --ifuel 0<span class="pl-pds">"</span></span></pre></div>
+<p>Lemma: definition of Euclidean division</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">euclidean_div_axiom</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> &lt; <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">euclidean_div_axiom</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_eucl_div_bound</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">q</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt; <span class="pl-en">q</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">q</span> * <span class="pl-en">b</span> &lt; <span class="pl-en">q</span> * <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_eucl_div_bound</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">q</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mult_le_left</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mult_le_left</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mult_le_right</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">a</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">c</span> * <span class="pl-en">a</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mult_le_right</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mult_lt_left</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b</span> &lt; <span class="pl-en">c</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span> &lt; <span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mult_lt_left</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mult_lt_right</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b</span> &lt; <span class="pl-en">c</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">a</span> &lt; <span class="pl-en">c</span> * <span class="pl-en">a</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mult_lt_right</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_mult_lt_sqr</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">k</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">m</span> &lt; <span class="pl-en">k</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-en">m</span> &lt; <span class="pl-en">k</span> * <span class="pl-en">k</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(</span>&lt;<span class="pl-c1">=)</span> <span class="pl-c1">{</span>
+    <span class="pl-en">n</span> * <span class="pl-en">m</span><span class="pl-c1">;</span>
+  &lt;<span class="pl-c1">=</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mult_le_left</span> <span class="pl-en">n</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-en">n</span> * <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">);</span>
+  &lt;<span class="pl-c1">=</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mult_le_right</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> * <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">);</span>
+  &lt;<span class="pl-c1">=</span> <span class="pl-c1">{}</span>
+    <span class="pl-en">k</span>*<span class="pl-en">k</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<p>Lemma: multiplication on integers is commutative</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">swap_mul</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> * <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">swap_mul</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_cancel_mul</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> * <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_cancel_mul</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Lemma: multiplication is right distributive over addition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">distributivity_add_left</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> * <span class="pl-en">c</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">distributivity_add_left</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Lemma: multiplication is left distributive over addition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">distributivity_add_right</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">distributivity_add_right</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-en">a</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span><span class="pl-c1">);</span>
+  <span class="pl-c1">==</span> <span class="pl-c1">{}</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span><span class="pl-c1">)</span> * <span class="pl-en">a</span><span class="pl-c1">;</span>
+  <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">distributivity_add_left</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-en">a</span> <span class="pl-c1">}</span>
+    <span class="pl-en">b</span> * <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">c</span> * <span class="pl-en">a</span><span class="pl-c1">;</span>
+  <span class="pl-c1">==</span> <span class="pl-c1">{}</span>
+    <span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<p>Lemma: multiplication is associative, hence parenthesizing is meaningless</p>
+<p>GM: This is really just an identity since the LHS is associated to the left</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">paren_mul_left</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span> * <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">paren_mul_left</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Lemma: multiplication is associative, hence parenthesizing is meaningless</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">paren_mul_right</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span> * <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">paren_mul_right</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Lemma: addition is associative, hence parenthesizing is meaningless</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">paren_add_left</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">paren_add_left</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Lemma: addition is associative, hence parenthesizing is meaningless</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">paren_add_right</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">paren_add_right</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">addition_is_associative</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">c</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">addition_is_associative</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">subtraction_is_distributive</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">c</span> <span class="pl-c1">/\</span>
+   <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+   <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-</span> <span class="pl-en">c</span> <span class="pl-c1">/\</span>
+   <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">(-</span><span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span> <span class="pl-c1">/\</span>
+   <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">subtraction_is_distributive</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">swap_add_plus_minus</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">swap_add_plus_minus</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Lemma: minus applies to the whole term</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">neg_mul_left</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(-(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(-</span><span class="pl-en">a</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">neg_mul_left</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Lemma: minus applies to the whole term</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">neg_mul_right</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(-(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> * <span class="pl-c1">(-</span><span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">neg_mul_right</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">swap_neg_mul</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((-</span><span class="pl-en">a</span><span class="pl-c1">)</span> * <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> * <span class="pl-c1">(-</span><span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">swap_neg_mul</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-en">neg_mul_left</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-en">neg_mul_right</span> <span class="pl-en">a</span> <span class="pl-en">b</span></pre></div>
+<p>Lemma: multiplication is left distributive over substraction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">distributivity_sub_left</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> * <span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">distributivity_sub_left</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">c</span><span class="pl-c1">;</span>
+  <span class="pl-c1">==</span> <span class="pl-c1">{}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">(-</span><span class="pl-en">b</span><span class="pl-c1">))</span> * <span class="pl-en">c</span><span class="pl-c1">;</span>
+  <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">distributivity_add_left</span> <span class="pl-en">a</span> <span class="pl-c1">(-</span><span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-en">a</span> * <span class="pl-en">c</span> <span class="pl-c1">+</span> <span class="pl-c1">(-</span><span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">c</span><span class="pl-c1">;</span>
+  <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">neg_mul_left</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-en">a</span> * <span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<p>Lemma: multiplication is right distributive over substraction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">distributivity_sub_right</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">distributivity_sub_right</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-en">a</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span><span class="pl-c1">);</span>
+  <span class="pl-c1">==</span> <span class="pl-c1">{}</span>
+    <span class="pl-en">a</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-c1">(-</span><span class="pl-en">c</span><span class="pl-c1">));</span>
+  <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">distributivity_add_right</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">(-</span><span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">a</span> * <span class="pl-c1">(-</span><span class="pl-en">c</span><span class="pl-c1">);</span>
+  <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">neg_mul_right</span> <span class="pl-en">a</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<p>Lemma: multiplication precedence on addition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_binds_tighter</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mul_binds_tighter</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_abs_mul</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">abs</span> <span class="pl-en">a</span> * <span class="pl-en">abs</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">abs</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_abs_mul</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_abs_bound</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">abs</span> <span class="pl-en">a</span> &lt; <span class="pl-en">b</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">-</span><span class="pl-en">b</span> &lt; <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> &lt; <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_abs_bound</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Lemma: multiplication keeps symetric bounds :
+b &gt; 0 &amp;&amp; d &gt; 0 &amp;&amp; -b &lt; a &lt; b &amp;&amp; -d &lt; c &lt; d ==&gt; - b * d &lt; a * c &lt; b * d</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_ineq1</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">d</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(-</span><span class="pl-en">b</span> &lt; <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> &lt; <span class="pl-en">b</span> <span class="pl-c1">/\</span>
+               <span class="pl-c1">-</span><span class="pl-en">d</span> &lt; <span class="pl-en">c</span> <span class="pl-c1">/\</span> <span class="pl-en">c</span> &lt; <span class="pl-en">d</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(-(</span><span class="pl-en">b</span> * <span class="pl-en">d</span><span class="pl-c1">)</span> &lt; <span class="pl-en">a</span> * <span class="pl-en">c</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> * <span class="pl-en">c</span> &lt; <span class="pl-en">b</span> * <span class="pl-en">d</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">mul_ineq1</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-en">d</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">||</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">()</span>
+  <span class="pl-k">else</span> <span class="pl-k">begin</span>
+    <span class="pl-en">lemma_abs_bound</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-en">lemma_abs_bound</span> <span class="pl-en">c</span> <span class="pl-en">d</span><span class="pl-c1">;</span>
+    <span class="pl-en">lemma_abs_mul</span> <span class="pl-en">a</span> <span class="pl-en">c</span><span class="pl-c1">;</span>
+    <span class="pl-en">lemma_mult_lt_left</span> <span class="pl-c1">(</span><span class="pl-en">abs</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">abs</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">d</span><span class="pl-c1">;</span>
+    <span class="pl-en">lemma_mult_lt_right</span> <span class="pl-en">d</span> <span class="pl-c1">(</span><span class="pl-en">abs</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-en">lemma_abs_bound</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">d</span><span class="pl-c1">);</span>
+    <span class="pl-c1">()</span>
+  <span class="pl-k">end</span></pre></div>
+<p>Zero is neutral for addition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">add_zero_left_is_same</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span><span class="pl-c1">(</span><span class="pl-c1">0</span> <span class="pl-c1">+</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span>
+<span class="pl-k">let</span> <span class="pl-en">add_zero_right_is_same</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span><span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-c1">0</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>One is neutral for multiplication</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mul_one_left_is_same</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span><span class="pl-c1">(</span><span class="pl-c1">1</span> * <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span>
+<span class="pl-k">let</span> <span class="pl-en">mul_one_right_is_same</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span><span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-c1">1</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Multiplying by zero gives zero</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mul_zero_left_is_zero</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span><span class="pl-c1">(</span><span class="pl-c1">0</span> * <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span>
+<span class="pl-k">let</span> <span class="pl-en">mul_zero_right_is_zero</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span><span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-c1">0</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">nat_times_nat_is_nat</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">nat_times_nat_is_nat</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pos_times_pos_is_pos</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">pos_times_pos_is_pos</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">nat_over_pos_is_nat</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">nat_over_pos_is_nat</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">nat_plus_nat_equal_zero_lemma</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:nat{</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span><span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">nat_plus_nat_equal_zero_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int_times_int_equal_zero_lemma</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int{</span><span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span><span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">\/</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">int_times_int_equal_zero_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--fuel 1<span class="pl-pds">"</span></span>
+<span class="pl-k">val</span> <span class="pl-en">pow2_double_sum</span><span class="pl-c1">:</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">pow2_double_sum</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_double_mult</span><span class="pl-c1">:</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-c1">2</span> * <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">pow2_double_mult</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">pow2_double_sum</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_lt_compat</span><span class="pl-c1">:</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">m</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">m</span> &lt; <span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">m</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">pow2_lt_compat</span> <span class="pl-en">n</span> <span class="pl-en">m</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">m</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pow2_lt_compat</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_le_compat</span><span class="pl-c1">:</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">m</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">m</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">pow2_le_compat</span> <span class="pl-en">n</span> <span class="pl-en">m</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">m</span> &lt; <span class="pl-en">n</span> <span class="pl-k">then</span> <span class="pl-en">pow2_lt_compat</span> <span class="pl-en">n</span> <span class="pl-en">m</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--fuel 1<span class="pl-pds">"</span></span>
+<span class="pl-k">val</span> <span class="pl-en">pow2_plus</span><span class="pl-c1">:</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span> * <span class="pl-en">pow2</span> <span class="pl-en">m</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-en">m</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">pow2_plus</span> <span class="pl-en">n</span> <span class="pl-en">m</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">n</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pow2_plus</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">m</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<p>Lemma : definition of the exponential property of pow2</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_minus</span><span class="pl-c1">:</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:nat{</span> <span class="pl-en">n</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">m</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">((</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span> / <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">m</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">pow2_minus</span> <span class="pl-en">n</span> <span class="pl-en">m</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pow2_plus</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">m</span><span class="pl-c1">;</span>
+  <span class="pl-en">slash_star_axiom</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">m</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<p>Lemma: loss of precision in euclidean division</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">multiply_fractions</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">nonzero</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-c1">(</span> <span class="pl-en">a</span> / <span class="pl-en">n</span> <span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">multiply_fractions</span> <span class="pl-en">a</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-modulo_lemma" class="anchor" href="#modulo_lemma" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>modulo_lemma</h4>
 <p>Same as <code>small_mod</code></p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> lemma_div_mod:Unidentified product: [a:<span class="dt">int</span>] Unidentified product: [p:nonzero] (Lemma (=(a, +<span class="co">(*(p, (/(a, p))), %(a, p)))))</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modulo_lemma</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt; <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">modulo_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-lemma_div_mod" class="anchor" href="#lemma_div_mod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lemma_div_mod</h4>
 <p>Same as <code>lemma_div_def</code> in Math.Lib</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_div_mod</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">nonzero</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">p</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_lt</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span> % <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> % <span class="pl-en">p</span> &lt; <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> % <span class="pl-en">p</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_lt</span> <span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_div_lt_nat</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:nat{</span><span class="pl-en">m</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt; <span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">pow2</span> <span class="pl-en">m</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-en">m</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_div_lt_nat</span> <span class="pl-en">a</span> <span class="pl-en">n</span> <span class="pl-en">m</span> <span class="pl-c1">=</span>
+  <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">m</span><span class="pl-c1">);</span>
+  <span class="pl-k">assert</span><span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">m</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">pow2</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">m</span><span class="pl-c1">);</span>
+  <span class="pl-en">pow2_plus</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-en">m</span><span class="pl-c1">);</span>
+  <span class="pl-k">assert</span><span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">m</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">m</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_div_lt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">m</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> &lt; <span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> / <span class="pl-en">pow2</span> <span class="pl-en">m</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-en">m</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_div_lt</span> <span class="pl-en">a</span> <span class="pl-en">n</span> <span class="pl-en">m</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-en">lemma_div_lt_nat</span> <span class="pl-en">a</span> <span class="pl-en">n</span> <span class="pl-en">m</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bounded_multiple_is_zero</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">-</span><span class="pl-en">n</span> &lt; <span class="pl-en">x</span> * <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-en">x</span> * <span class="pl-en">n</span> &lt; <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">bounded_multiple_is_zero</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">small_div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> &lt; <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> / <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">small_div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> &lt; <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> / <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">small_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> &lt; <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> % <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">small_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> &lt; <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> % <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lt_multiple_is_equal</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">nonzero</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-en">b</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">x</span> * <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lt_multiple_is_equal</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-en">n</span> <span class="pl-c1">=</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> * <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">);</span>
+  <span class="pl-en">bounded_multiple_is_zero</span> <span class="pl-en">x</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_plus</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">k</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> % <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_plus</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">+</span><span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>%<span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">a</span>%<span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-en">n</span><span class="pl-c1">;</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">+</span><span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-</span> <span class="pl-en">n</span>*<span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>/<span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">n</span>*<span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">));</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{}</span>
+    <span class="pl-en">n</span>*<span class="pl-en">k</span> <span class="pl-c1">+</span> <span class="pl-en">n</span>*<span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-</span> <span class="pl-en">n</span>*<span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>/<span class="pl-en">n</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">distributivity_add_right</span> <span class="pl-en">n</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">);</span>
+         <span class="pl-en">distributivity_sub_right</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">+</span> <span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-en">n</span> * <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">+</span> <span class="pl-en">a</span>/<span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">+</span><span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>/<span class="pl-en">n</span><span class="pl-c1">);</span>
+  <span class="pl-c1">};</span>
+  <span class="pl-en">lt_multiple_is_equal</span> <span class="pl-c1">((</span><span class="pl-en">a</span><span class="pl-c1">+</span><span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>%<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span>%<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">+</span> <span class="pl-en">a</span>/<span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">+</span><span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_div_plus</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">k</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> / <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-en">k</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_div_plus</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-en">n</span> * <span class="pl-c1">((</span><span class="pl-en">a</span><span class="pl-c1">+</span><span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>/<span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">distributivity_sub_right</span> <span class="pl-en">n</span> <span class="pl-c1">((</span><span class="pl-en">a</span><span class="pl-c1">+</span><span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-en">n</span> * <span class="pl-c1">((</span><span class="pl-en">a</span><span class="pl-c1">+</span><span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-</span> <span class="pl-en">n</span>*<span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">+</span><span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">;</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">k</span>*<span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">+</span><span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>%<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">a</span>%<span class="pl-en">n</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{}</span>
+    <span class="pl-en">k</span>*<span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">+</span><span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>%<span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-en">a</span>%<span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_plus</span> <span class="pl-en">a</span> <span class="pl-en">k</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-c1">};</span>
+  <span class="pl-en">lemma_cancel_mul</span> <span class="pl-c1">((</span><span class="pl-en">a</span><span class="pl-c1">+</span><span class="pl-en">k</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>/<span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_div_mod_plus</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">k</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> / <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-en">k</span> <span class="pl-c1">/\</span>
+                                                        <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">k</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> % <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-en">lemma_div_plus</span> <span class="pl-en">a</span> <span class="pl-en">k</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-en">lemma_mod_plus</span> <span class="pl-en">a</span> <span class="pl-en">k</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_div_mod_1</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">n</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">a</span> % <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">n</span><span class="pl-c1">)</span> / <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">a</span> / <span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">add_div_mod_1</span> <span class="pl-en">a</span> <span class="pl-en">n</span> <span class="pl-c1">=</span>
+    <span class="pl-en">lemma_mod_plus</span> <span class="pl-en">a</span> <span class="pl-c1">1</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-en">lemma_div_plus</span> <span class="pl-en">a</span> <span class="pl-c1">1</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub_div_mod_1</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">n</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">a</span> % <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">n</span><span class="pl-c1">)</span> / <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">a</span> / <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">sub_div_mod_1</span> <span class="pl-en">a</span> <span class="pl-en">n</span> <span class="pl-c1">=</span>
+    <span class="pl-en">lemma_mod_plus</span> <span class="pl-en">a</span> <span class="pl-c1">(-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-en">lemma_div_plus</span> <span class="pl-en">a</span> <span class="pl-c1">(-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--smtencoding.elim_box true --smtencoding.nl_arith_repr native<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cancel_mul_div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">nonzero</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> / <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">cancel_mul_div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">nonzero</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cancel_mul_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">cancel_mul_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">small_mod</span> <span class="pl-c1">0</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-en">lemma_mod_plus</span> <span class="pl-c1">0</span> <span class="pl-en">a</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_add_distr</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> % <span class="pl-en">n</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_add_distr</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span>%<span class="pl-en">n</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_plus</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">b</span> % <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">b</span> / <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span>%<span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-en">n</span> * <span class="pl-c1">(</span><span class="pl-en">b</span>/<span class="pl-en">n</span><span class="pl-c1">))</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">b</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_sub_distr</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> % <span class="pl-en">n</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_sub_distr</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span>%<span class="pl-en">n</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_plus</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">b</span> % <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">(-(</span><span class="pl-en">b</span> / <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span>%<span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-en">n</span> * <span class="pl-c1">(-(</span><span class="pl-en">b</span>/<span class="pl-en">n</span><span class="pl-c1">)))</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">neg_mul_right</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">b</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span>%<span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">n</span> * <span class="pl-c1">(</span><span class="pl-en">b</span>/<span class="pl-en">n</span><span class="pl-c1">))</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">b</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_sub_0</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> % <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_sub_0</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_sub_1</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos{</span><span class="pl-en">a</span> &lt; <span class="pl-en">b</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((-</span><span class="pl-en">a</span><span class="pl-c1">)</span> % <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">a</span>%<span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_sub_1</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(-</span><span class="pl-en">a</span><span class="pl-c1">)</span> % <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_plus</span> <span class="pl-c1">(-</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">1</span> <span class="pl-en">b</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((-</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span>*<span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{}</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">a</span><span class="pl-c1">)</span> % <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">small_mod</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">-</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">b</span> <span class="pl-c1">}</span>
+    <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">a</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">small_mod</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">}</span>
+    <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">a</span>%<span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_mul_distr_l</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-en">n</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_mod_mul_distr_l</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">n</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span>  % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">n</span> * <span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">a</span>%<span class="pl-en">n</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">)</span>  % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">distributivity_add_left</span> <span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">a</span>%<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">b</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> * <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">a</span>%<span class="pl-en">n</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">)</span>  % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">paren_mul_right</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">b</span><span class="pl-c1">;</span> <span class="pl-en">swap_mul</span> <span class="pl-c1">((</span><span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">a</span>%<span class="pl-en">n</span><span class="pl-c1">)</span> * <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-c1">((</span><span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">n</span><span class="pl-c1">)</span>  % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_plus</span> <span class="pl-c1">((</span><span class="pl-en">a</span>%<span class="pl-en">n</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">((</span><span class="pl-en">a</span>/<span class="pl-en">n</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">a</span>%<span class="pl-en">n</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">)</span>  % <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_mul_distr_r</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> % <span class="pl-en">n</span><span class="pl-c1">))</span> % <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_mul_distr_r</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">swap_mul</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">a</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_mul_distr_l</span> <span class="pl-en">b</span> <span class="pl-en">a</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span>%<span class="pl-en">n</span> * <span class="pl-en">a</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">swap_mul</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">b</span>%<span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-c1">(</span><span class="pl-en">b</span>%<span class="pl-en">n</span><span class="pl-c1">))</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_injective</span><span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt; <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">b</span> &lt; <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> % <span class="pl-en">p</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_injective</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mul_sub_distr</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">a</span> * <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mul_sub_distr</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">distributivity_sub_right</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_div_exact</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">p</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">p</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_div_exact</span> <span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div_exact_r</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">n</span><span class="pl-c1">)</span> * <span class="pl-en">n</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">div_exact_r</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span> <span class="pl-en">lemma_div_exact</span> <span class="pl-en">a</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_spec</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">))</span> / <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_mod_spec</span> <span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">a</span>%<span class="pl-en">p</span><span class="pl-c1">)</span>/<span class="pl-en">p</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">p</span>*<span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">p</span><span class="pl-c1">))</span>/<span class="pl-en">p</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">cancel_mul_div</span> <span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-en">p</span> <span class="pl-c1">}</span>
+    <span class="pl-en">a</span>/<span class="pl-en">p</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_spec2</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">q</span><span class="pl-c1">:int</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">))</span> / <span class="pl-en">p</span> <span class="pl-k">in</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">q</span> * <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_spec2</span> <span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">))</span> / <span class="pl-en">p</span><span class="pl-c1">)</span> * <span class="pl-en">p</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_spec</span> <span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">p</span><span class="pl-c1">)</span> * <span class="pl-en">p</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-c1">}</span>
+    <span class="pl-en">a</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_plus_distr_l</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_plus_distr_l</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">q</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">))</span> / <span class="pl-en">p</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_mod_spec2</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">;</span>
+  <span class="pl-en">lemma_mod_plus</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">p</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">q</span> <span class="pl-en">p</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_plus_distr_r</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">b</span> % <span class="pl-en">p</span><span class="pl-c1">))</span> % <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_plus_distr_r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-en">lemma_mod_plus_distr_l</span> <span class="pl-en">b</span> <span class="pl-en">a</span> <span class="pl-en">p</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_mod</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> % <span class="pl-en">p</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> % <span class="pl-en">p</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_mod</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-en">lemma_mod_lt</span> <span class="pl-en">b</span> <span class="pl-en">p</span><span class="pl-c1">;</span>
+  <span class="pl-en">modulo_lemma</span> <span class="pl-c1">(</span><span class="pl-en">b</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-en">p</span></pre></div>
+<ul>
+<li>
+<p>Lemmas about multiplication, division and modulo. *</p>
+</li>
+<li>
+<p>This part focuses on the situation where          *</p>
+</li>
+<li>
+<p>dividend: nat    divisor: pos                     *</p>
+</li>
+<li>
+<p>TODO: add triggers for certain lemmas.            *</p>
+</li>
+</ul>
+<p>Lemma: Definition of euclidean division</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">euclidean_division_definition</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">nonzero</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">a</span> % <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">euclidean_division_definition</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Lemma: Propriety about modulo</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modulo_range_lemma</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">b</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">a</span> % <span class="pl-en">b</span> &lt; <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">modulo_range_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">small_modulo_lemma_1</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">nonzero</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> &lt; <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> % <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">small_modulo_lemma_1</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">small_modulo_lemma_2</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> % <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> &lt; <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">small_modulo_lemma_2</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">small_division_lemma_1</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">nonzero</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> &lt; <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">small_division_lemma_1</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">small_division_lemma_2</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> / <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> &lt; <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">small_division_lemma_2</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-en">n</span></pre></div>
+<p>Lemma: Multiplication by a positive integer preserves order</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">multiplication_order_lemma</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">a</span> * <span class="pl-en">p</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">b</span> * <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">multiplication_order_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Lemma: Propriety about multiplication after division</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">division_propriety</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> &lt; <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">b</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">division_propriety</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Internal lemmas for proving the definition of division</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">division_definition_lemma_1</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:int{</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> &lt; <span class="pl-en">m</span> * <span class="pl-en">b</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">m</span> &gt; <span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">division_definition_lemma_1</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">m</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> &lt; <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">()</span> <span class="pl-k">else</span> <span class="pl-k">begin</span>
+    <span class="pl-en">division_propriety</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-en">multiplication_order_lemma</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">b</span>
+  <span class="pl-k">end</span>
+<span class="pl-k">val</span> <span class="pl-en">division_definition_lemma_2</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:int{</span><span class="pl-en">m</span> * <span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">m</span> &lt; <span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">division_definition_lemma_2</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">m</span> <span class="pl-c1">=</span>
+  <span class="pl-en">division_propriety</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-en">multiplication_order_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">m</span> <span class="pl-en">b</span></pre></div>
+<p>Lemma: Definition of division</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">division_definition</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:int{</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> &lt; <span class="pl-en">m</span> * <span class="pl-en">b</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">m</span> * <span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">division_definition</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">m</span> <span class="pl-c1">=</span>
+  <span class="pl-en">division_definition_lemma_1</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">m</span><span class="pl-c1">;</span>
+  <span class="pl-en">division_definition_lemma_2</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">m</span></pre></div>
+<p>Lemma: (a * b) / b = a; identical to <code>cancel_mul_div</code> above</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">multiple_division_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">nonzero</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> / <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">multiple_division_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">nonzero</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">cancel_mul_div</span> <span class="pl-en">a</span> <span class="pl-en">n</span></pre></div>
+<p>Lemma: (a * b) % b = 0</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">multiple_modulo_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">multiple_modulo_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span> <span class="pl-en">cancel_mul_mod</span> <span class="pl-en">a</span> <span class="pl-en">n</span></pre></div>
+<p>Lemma: Division distributivity under special condition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">division_addition_lemma</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">n</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> / <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">n</span> <span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">division_addition_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">division_definition</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">n</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_div_le_</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> / <span class="pl-en">d</span> &gt; <span class="pl-en">b</span> / <span class="pl-en">d</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-c1">False</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-en">d</span><span class="pl-c1">;</span>
+    <span class="pl-en">lemma_div_mod</span> <span class="pl-en">b</span> <span class="pl-en">d</span><span class="pl-c1">;</span>
+    <span class="pl-en">cut</span> <span class="pl-c1">(</span><span class="pl-en">d</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">d</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">a</span> % <span class="pl-en">d</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">d</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> / <span class="pl-en">d</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> % <span class="pl-en">d</span><span class="pl-c1">);</span>
+    <span class="pl-en">cut</span> <span class="pl-c1">(</span><span class="pl-en">d</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">d</span><span class="pl-c1">)</span> <span class="pl-c1">-</span> <span class="pl-en">d</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> / <span class="pl-en">d</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span> % <span class="pl-en">d</span> <span class="pl-c1">-</span> <span class="pl-en">a</span> % <span class="pl-en">d</span><span class="pl-c1">);</span>
+    <span class="pl-en">distributivity_sub_right</span> <span class="pl-en">d</span> <span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">d</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span>/<span class="pl-en">d</span><span class="pl-c1">);</span>
+    <span class="pl-en">cut</span> <span class="pl-c1">(</span><span class="pl-en">b</span> % <span class="pl-en">d</span> &lt; <span class="pl-en">d</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> % <span class="pl-en">d</span> &lt; <span class="pl-en">d</span><span class="pl-c1">);</span>
+    <span class="pl-en">cut</span> <span class="pl-c1">(</span><span class="pl-en">d</span> * <span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">d</span> <span class="pl-c1">-</span> <span class="pl-en">b</span>/<span class="pl-en">d</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">d</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_div_le</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">d</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">d</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span> / <span class="pl-en">d</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_div_le</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">a</span> / <span class="pl-en">d</span> &gt; <span class="pl-en">b</span> / <span class="pl-en">d</span> <span class="pl-k">then</span> <span class="pl-en">lemma_div_le_</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">d</span></pre></div>
+<p>Lemma: Division distributivity under special condition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">division_sub_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> / <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">division_sub_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">neg_mul_left</span> <span class="pl-en">b</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-en">lemma_div_plus</span> <span class="pl-en">a</span> <span class="pl-c1">(-</span><span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span></pre></div>
+<p>Lemma: Modulo distributivity</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modulo_distributivity</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">c</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">c</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> % <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">modulo_distributivity</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">c</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_plus_distr_l</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">c</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_plus_distr_r</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">b</span> % <span class="pl-en">c</span><span class="pl-c1">))</span> % <span class="pl-en">c</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_plus_mul_distr</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">((((</span><span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">b</span> % <span class="pl-en">p</span><span class="pl-c1">))</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> * <span class="pl-c1">(</span><span class="pl-en">c</span> % <span class="pl-en">p</span><span class="pl-c1">))</span> % <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_plus_mul_distr</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">p</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_mul_distr_l</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-en">p</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">p</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_mul_distr_r</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-en">p</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> * <span class="pl-c1">(</span><span class="pl-en">c</span> % <span class="pl-en">p</span><span class="pl-c1">))</span> % <span class="pl-en">p</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">modulo_distributivity</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">p</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((((</span><span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">b</span> % <span class="pl-en">p</span><span class="pl-c1">))</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> * <span class="pl-c1">(</span><span class="pl-en">c</span> % <span class="pl-en">p</span><span class="pl-c1">))</span> % <span class="pl-en">p</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<p>Lemma: Modulo distributivity under special condition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modulo_addition_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> % <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">modulo_addition_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">=</span> <span class="pl-en">lemma_mod_plus</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">n</span></pre></div>
+<p>Lemma: Modulo distributivity under special condition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_sub</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> % <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_sub</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">neg_mul_left</span> <span class="pl-en">b</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-en">lemma_mod_plus</span> <span class="pl-en">a</span> <span class="pl-c1">(-</span><span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mod_mult_exact</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> % <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mod_mult_exact</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-en">a</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">n</span> * <span class="pl-en">q</span><span class="pl-c1">)</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-en">q</span><span class="pl-c1">))</span> <span class="pl-c1">+</span> <span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-en">q</span><span class="pl-c1">))</span>  % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c"><span class="pl-c">(*</span> hyp <span class="pl-c">*)</span></span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">n</span> * <span class="pl-en">q</span><span class="pl-c1">)</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-en">q</span><span class="pl-c1">)))</span>  % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">paren_mul_right</span> <span class="pl-en">n</span> <span class="pl-en">q</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-en">q</span><span class="pl-c1">));</span>
+         <span class="pl-en">swap_mul</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">q</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-en">q</span><span class="pl-c1">)))</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">q</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-en">q</span><span class="pl-c1">)))</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">multiple_modulo_lemma</span> <span class="pl-c1">(</span><span class="pl-en">q</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">n</span>*<span class="pl-en">q</span><span class="pl-c1">)))</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">0</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mod_mul_div_exact</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mod_mul_div_exact</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c"><span class="pl-c">(*</span> + hyp <span class="pl-c">*)</span></span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(((</span><span class="pl-en">b</span>*<span class="pl-en">n</span><span class="pl-c1">)</span>*<span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">n</span><span class="pl-c1">)))</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">paren_mul_right</span> <span class="pl-en">b</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">b</span>*<span class="pl-c1">(</span><span class="pl-en">n</span>*<span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">n</span><span class="pl-c1">))))</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">cancel_mul_div</span> <span class="pl-c1">(</span><span class="pl-en">n</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">n</span><span class="pl-c1">)))</span> <span class="pl-en">b</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">n</span>*<span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">n</span><span class="pl-c1">)))</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">cancel_mul_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">0</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--fuel 1<span class="pl-pds">"</span></span>
+<span class="pl-k">val</span> <span class="pl-en">mod_pow2_div2</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">m</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">2</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mod_pow2_div2</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">m</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">2</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span>
+  <span class="pl-en">mod_mul_div_exact</span> <span class="pl-en">a</span> <span class="pl-c1">2</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">lemma_div_lt_cancel</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt; <span class="pl-en">b</span> * <span class="pl-en">n</span><span class="pl-c1">))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">lemma_div_lt_cancel</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">n</span> <span class="pl-c1">=</span></pre></div>
+<p>by contradiction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">if</span> <span class="pl-en">a</span> / <span class="pl-en">b</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-k">then</span> <span class="pl-k">begin</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(</span>&gt;<span class="pl-c1">=)</span> <span class="pl-c1">{</span>
+    <span class="pl-en">a</span><span class="pl-c1">;</span>
+    &gt;<span class="pl-c1">=</span> <span class="pl-c1">{</span> <span class="pl-en">slash_decr_axiom</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">;</span>
+    &gt;<span class="pl-c1">=</span> <span class="pl-c1">{}</span>
+    <span class="pl-en">n</span> * <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-c1">};</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">False</span>
+<span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">lemma_mod_mult_zero</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> / <span class="pl-en">b</span> / <span class="pl-en">c</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">lemma_mod_mult_zero</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span></pre></div>
+<p>&lt; 1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">lemma_mod_lt</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">);</span>
+<span class="pl-en">lemma_div_lt_cancel</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">;</span>
+<span class="pl-en">lemma_div_lt_cancel</span> <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">1</span><span class="pl-c1">;</span></pre></div>
+<blockquote>
+<p>= 0</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">nat_over_pos_is_nat</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+<span class="pl-en">nat_over_pos_is_nat</span> <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span><span class="pl-c1">;</span>
+<span class="pl-c1">()</span></pre></div>
+<p>Lemma: Divided by a product is equivalent to being divided one by one</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">division_multiplication_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> / <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">division_multiplication_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-en">a</span> / <span class="pl-en">b</span> / <span class="pl-en">c</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">+</span> <span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> / <span class="pl-en">b</span> / <span class="pl-en">c</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">paren_mul_right</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)))</span> <span class="pl-c1">+</span> <span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> / <span class="pl-en">b</span> / <span class="pl-en">c</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_plus</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)))</span> <span class="pl-en">b</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">+</span> <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> / <span class="pl-en">b</span><span class="pl-c1">))</span> / <span class="pl-en">c</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_plus</span> <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> / <span class="pl-en">b</span> / <span class="pl-en">c</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_mult_zero</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">);</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">cancel_fraction</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">cancel_fraction</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">swap_mul</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> / <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-en">b</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">division_multiplication_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> / <span class="pl-en">c</span><span class="pl-c1">)</span> / <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">cancel_mul_div</span> <span class="pl-en">a</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modulo_scale_lemma</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">c</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">modulo_scale_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> * <span class="pl-c1">((</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">));</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">cancel_fraction</span> <span class="pl-en">a</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-c1">}</span>
+    <span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">c</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">paren_mul_right</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> * <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">c</span><span class="pl-c1">));</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">swap_mul</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">c</span><span class="pl-c1">));</span> <span class="pl-en">distributivity_sub_left</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-en">b</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">c</span><span class="pl-c1">))</span> * <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">c</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_mul_pos_pos_is_pos</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span>*<span class="pl-en">y</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mul_nat_pos_is_nat</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span>*<span class="pl-en">y</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modulo_division_lemma_0</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">c</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> / <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-c1">((</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> * <span class="pl-en">c</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">slash_decr_axiom</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">c</span><span class="pl-c1">);</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">c</span><span class="pl-c1">))</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">swap_mul</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+      <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">c</span><span class="pl-c1">))</span> * <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-en">b</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">paren_mul_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-c1">}</span>
+      <span class="pl-c1">((</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">c</span><span class="pl-c1">))</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">};</span>
+    <span class="pl-en">cut</span> <span class="pl-c1">((</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">c</span><span class="pl-c1">))</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">((</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">);</span>
+    <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">c</span><span class="pl-c1">);</span>
+    <span class="pl-en">division_sub_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">((</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span>*<span class="pl-en">c</span><span class="pl-c1">))</span> * <span class="pl-en">c</span><span class="pl-c1">);</span>
+    <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modulo_division_lemma</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> / <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modulo_division_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> / <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)))</span> / <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">paren_mul_right</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">((</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)));</span> <span class="pl-en">neg_mul_right</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)))</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> * <span class="pl-c1">(-(</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)))))</span> / <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_plus</span> <span class="pl-en">a</span> <span class="pl-c1">(-(</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))))</span> <span class="pl-en">b</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-</span> <span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">));</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">division_multiplication_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-</span> <span class="pl-en">c</span> * <span class="pl-c1">((</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> / <span class="pl-en">c</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">c</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modulo_modulo_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> % <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> % <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modulo_modulo_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pos_times_pos_is_pos</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">;</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> % <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+             <span class="pl-en">a</span> % <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">);</span>
+             <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_div_mod</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+             <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">));</span>
+             <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">paren_mul_right</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">}</span>
+             <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> * <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)));</span>
+         <span class="pl-c1">}}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> * <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))))</span> % <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">()</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">(-</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">))))))</span> % <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">neg_mul_right</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)))</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-c1">(-</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)))))</span> % <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">()</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">(-</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)))</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_plus</span> <span class="pl-en">a</span> <span class="pl-c1">(-</span><span class="pl-en">c</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-en">c</span><span class="pl-c1">)))</span> <span class="pl-en">b</span><span class="pl-c1">}</span>
+    <span class="pl-en">a</span> % <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_multiplication_division_lemma_1</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:nat{</span><span class="pl-en">c</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> / <span class="pl-en">pow2</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">pow2_multiplication_division_lemma_1</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pow2_plus</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-en">paren_mul_right</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">b</span><span class="pl-c1">);</span>
+  <span class="pl-en">paren_mul_left</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">b</span><span class="pl-c1">);</span>
+  <span class="pl-en">multiple_division_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_multiplication_division_lemma_2</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:nat{</span><span class="pl-en">c</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> / <span class="pl-en">pow2</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">pow2_multiplication_division_lemma_2</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pow2_plus</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span><span class="pl-c1">);</span>
+  <span class="pl-en">division_multiplication_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span><span class="pl-c1">));</span>
+  <span class="pl-en">multiple_division_lemma</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_multiplication_modulo_lemma_1</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:nat{</span><span class="pl-en">c</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">pow2_multiplication_modulo_lemma_1</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pow2_plus</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-en">paren_mul_right</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">b</span><span class="pl-c1">);</span>
+  <span class="pl-en">paren_mul_left</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">b</span><span class="pl-c1">);</span>
+  <span class="pl-en">multiple_modulo_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_multiplication_modulo_lemma_2</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:nat{</span><span class="pl-en">c</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span><span class="pl-c1">))</span> * <span class="pl-en">pow2</span> <span class="pl-en">c</span> <span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">pow2_multiplication_modulo_lemma_2</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">-</span><span class="pl-en">c</span><span class="pl-c1">));</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">pow2_plus</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">-</span><span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">c</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">-</span><span class="pl-en">c</span><span class="pl-c1">));</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">modulo_scale_lemma</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">-</span><span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span><span class="pl-c1">))</span> * <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_modulo_division_lemma_1</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:nat{</span><span class="pl-en">c</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> / <span class="pl-en">pow2</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">pow2</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">pow2_modulo_division_lemma_1</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pow2_plus</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-en">modulo_division_lemma</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_modulo_division_lemma_2</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:nat{</span><span class="pl-en">c</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> / <span class="pl-en">pow2</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">pow2_modulo_division_lemma_2</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pow2_le_compat</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">;</span>
+  <span class="pl-en">small_division_lemma_1</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_modulo_modulo_lemma_1</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:nat{</span><span class="pl-en">c</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">b</span> <span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">pow2_modulo_modulo_lemma_1</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pow2_plus</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-en">modulo_modulo_lemma</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_modulo_modulo_lemma_2</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:nat{</span><span class="pl-en">c</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">c</span> <span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">pow2_modulo_modulo_lemma_2</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pow2_le_compat</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">;</span>
+  <span class="pl-en">small_modulo_lemma_1</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modulo_add</span> <span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-en">c</span> % <span class="pl-en">p</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">p</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">modulo_add</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">modulo_distributivity</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">p</span><span class="pl-c1">;</span>
+  <span class="pl-en">modulo_distributivity</span> <span class="pl-en">a</span> <span class="pl-en">c</span> <span class="pl-en">p</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_twice</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> % <span class="pl-en">p</span> <span class="pl-c1">==</span> <span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_twice</span> <span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-en">lemma_mod_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-en">a</span> <span class="pl-en">p</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modulo_sub</span> <span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">p</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">b</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-en">c</span> % <span class="pl-en">p</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modulo_sub</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">modulo_add</span> <span class="pl-en">p</span> <span class="pl-c1">(-</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mod_add_both</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> % <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">b</span> % <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">x</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">x</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mod_add_both</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">x</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">modulo_distributivity</span> <span class="pl-en">a</span> <span class="pl-en">x</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">x</span> % <span class="pl-en">n</span><span class="pl-c1">))</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c"><span class="pl-c">(*</span> hyp <span class="pl-c">*)</span></span> <span class="pl-c1">}</span>
+    <span class="pl-c1">((</span><span class="pl-en">b</span> % <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">x</span> % <span class="pl-en">n</span><span class="pl-c1">))</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">modulo_distributivity</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-en">n</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">x</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_plus_injective</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">b</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-en">c</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_mod_plus_injective</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">small_mod</span> <span class="pl-en">b</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-en">small_mod</span> <span class="pl-en">c</span> <span class="pl-en">n</span><span class="pl-c1">;</span>
+  <span class="pl-en">mod_add_both</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(-</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">n</span></pre></div>
+<p>Another characterization of the modulo</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modulo_sub_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">:</span> <span class="pl-c1">pos)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b</span> &lt; <span class="pl-en">c</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> % <span class="pl-en">c</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">modulo_sub_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">modulo_lemma</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-en">b</span> % <span class="pl-en">c</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">lemma_mod_twice</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span>%<span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">c</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c"><span class="pl-c">(*</span> hyp <span class="pl-c">*)</span></span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span>%<span class="pl-en">c</span>  <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">-</span><span class="pl-en">b</span><span class="pl-c1">)</span>%<span class="pl-en">c</span><span class="pl-c1">)</span> % <span class="pl-en">c</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">modulo_distributivity</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">-</span><span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">+(</span><span class="pl-en">a</span><span class="pl-c1">-</span><span class="pl-en">b</span><span class="pl-c1">))</span> % <span class="pl-en">c</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{}</span>
+    <span class="pl-en">a</span> % <span class="pl-en">c</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Math.Lib.html b/docs/FStar.Math.Lib.html
index ccb5bbd..2125ec5 100644
--- a/docs/FStar.Math.Lib.html
+++ b/docs/FStar.Math.Lib.html
@@ -1,54 +1,120 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Math.Lib</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.math.lib">module FStar.Math.Lib</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Useful lemmas <span class="kw">for</span> future proofs *</code></pre></div>
+<h1>
+<a id="user-content-fstarmathlib" class="anchor" href="#fstarmathlib" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Math.Lib</h1>
+<ul>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<p>Definition of the diviion operator</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_div_def</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> * <span class="pl-c1">(</span><span class="pl-en">a</span>/<span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">a</span> % <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_div_def</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">mul_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+                                           <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-en">a</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">c</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">mul_lemma'</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">c</span> * <span class="pl-en">a</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">c</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+                                           <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">mul_div_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">b</span> * <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">slash_decr_axiom</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">slash_decr_axiom</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+    <span class="pl-en">mul_lemma</span> <span class="pl-c1">1</span> <span class="pl-en">b</span> <span class="pl-en">a</span><span class="pl-c1">;</span>
+    <span class="pl-en">mul_div_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-en">mul_lemma'</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">a</span> <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">lemma_mul_minus_distr_l</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">-</span> <span class="pl-en">a</span> * <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Axiom: definition of the "b divides c" relation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#reset-options</span> "<span class="pl-s">--z3rlimit 30</span>"
+<span class="pl-k">val</span> <span class="pl-en">slash_star_axiom</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">c</span> / <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">slash_star_axiom</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">=</span>
+  <span class="pl-en">lemma_div_def</span> <span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-en">lemma_mul_minus_distr_l</span> <span class="pl-en">b</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">c</span>/<span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span>
+<span class="pl-k">val</span> <span class="pl-en">log_2</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">nat</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">log_2</span> <span class="pl-en">x</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">x</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">2</span> <span class="pl-k">then</span> <span class="pl-c1">1</span> <span class="pl-c1">+</span> <span class="pl-en">log_2</span> <span class="pl-c1">(</span><span class="pl-en">x</span> / <span class="pl-c1">2</span><span class="pl-c1">)</span> <span class="pl-k">else</span> <span class="pl-c1">0</span></pre></div>
+<p>Function: power of x</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">powx</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">powx</span> <span class="pl-en">x</span> <span class="pl-en">n</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">n</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">1</span>
+  <span class="pl-c1">|</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> * <span class="pl-en">powx</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<p>Function: absolute value</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">abs</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:int{</span> <span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">x</span> &lt; <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-c1">-</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">abs</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">x</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-en">x</span> <span class="pl-k">else</span> <span class="pl-c1">-</span><span class="pl-en">x</span></pre></div>
+<p>Function: maximum value</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">max</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:int{</span> <span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">y</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">z</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">x</span> &lt; <span class="pl-en">y</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">z</span> <span class="pl-c1">=</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">max</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">x</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">y</span> <span class="pl-k">then</span> <span class="pl-en">x</span> <span class="pl-k">else</span> <span class="pl-en">y</span></pre></div>
+<p>Function: minimum value</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">min</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:int{</span> <span class="pl-c1">(</span><span class="pl-en">x</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">y</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">z</span> <span class="pl-c1">=</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">x</span> &lt; <span class="pl-en">y</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">z</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">min</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">x</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">y</span> <span class="pl-k">then</span> <span class="pl-en">y</span> <span class="pl-k">else</span> <span class="pl-en">x</span></pre></div>
+<p>Function: standard euclidean division, the rest is always positive</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:int{(</span><span class="pl-en">a</span> &lt; <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">c</span> &lt; <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">c</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)})</span>
+<span class="pl-k">let</span> <span class="pl-en">div</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">a</span> &lt; <span class="pl-c1">0</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">slash_decr_axiom</span> <span class="pl-c1">(-</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+    <span class="pl-k">if</span> <span class="pl-en">a</span> % <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">-</span> <span class="pl-c1">(-</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-c1">-</span> <span class="pl-c1">(-</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span>
+    <span class="pl-k">end</span>
+  <span class="pl-k">else</span> <span class="pl-en">a</span> / <span class="pl-en">b</span></pre></div>
+<p>Function: equivalent of the '/' operator in C, hence the rest can be negative</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div_non_eucl</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:int{</span> <span class="pl-c1">(</span> <span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span> <span class="pl-en">a</span> &lt; <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-c1">=</span> <span class="pl-c1">-((-</span><span class="pl-en">a</span><span class="pl-c1">)</span>/<span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">)</span> <span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">div_non_eucl</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">a</span> &lt; <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">0</span> <span class="pl-c1">-</span> <span class="pl-c1">((</span><span class="pl-c1">0</span> <span class="pl-c1">-</span> <span class="pl-en">a</span><span class="pl-c1">)</span> / <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-k">else</span> <span class="pl-en">a</span> / <span class="pl-en">b</span></pre></div>
+<p>The equivalent of the &lt;&lt; C operator</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left</span><span class="pl-c1">:</span> <span class="pl-en">v</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">res</span><span class="pl-c1">:int{</span><span class="pl-en">res</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> * <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">i</span><span class="pl-c1">)})</span>
+<span class="pl-k">let</span> <span class="pl-en">shift_left</span> <span class="pl-en">v</span> <span class="pl-en">i</span> <span class="pl-c1">=</span>
+  <span class="pl-en">v</span> * <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">i</span><span class="pl-c1">)</span></pre></div>
+<p>asr OCaml operator</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">arithmetic_shift_right</span><span class="pl-c1">:</span> <span class="pl-en">v</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">res</span><span class="pl-c1">:int{</span> <span class="pl-en">res</span> <span class="pl-c1">=</span> <span class="pl-en">div</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">arithmetic_shift_right</span> <span class="pl-en">v</span> <span class="pl-en">i</span> <span class="pl-c1">=</span>
+  <span class="pl-en">div</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">i</span><span class="pl-c1">)</span></pre></div>
+<p>Case of C cast functions ?</p>
+<p>Implemented by "mod" in OCaml</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">signed_modulo</span><span class="pl-c1">:</span> <span class="pl-en">v</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">res</span><span class="pl-c1">:int{</span> <span class="pl-en">res</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-c1">-</span> <span class="pl-c1">((</span><span class="pl-en">div_non_eucl</span> <span class="pl-en">v</span> <span class="pl-en">p</span><span class="pl-c1">)</span> * <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">signed_modulo</span> <span class="pl-en">v</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">v</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-en">v</span> % <span class="pl-en">p</span>
+  <span class="pl-k">else</span> <span class="pl-c1">0</span> <span class="pl-c1">-</span> <span class="pl-c1">(</span> <span class="pl-c1">(</span><span class="pl-c1">0</span><span class="pl-c1">-</span><span class="pl-en">v</span><span class="pl-c1">)</span> % <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">op_Plus_Percent</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">res</span><span class="pl-c1">:int{</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">res</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt; <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">res</span> <span class="pl-c1">=</span> <span class="pl-c1">-((-</span><span class="pl-en">a</span><span class="pl-c1">)</span> % <span class="pl-en">p</span><span class="pl-c1">))</span> <span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Plus_Percent</span> <span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-en">signed_modulo</span> <span class="pl-en">a</span> <span class="pl-en">p</span></pre></div>
+<p>Useful lemmas for future proofs *</p>
+<p>Lemmas of x^n</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">powx_lemma1</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">powx</span> <span class="pl-en">a</span> <span class="pl-c1">1</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">powx_lemma1</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">powx_lemma2</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">powx</span> <span class="pl-en">x</span> <span class="pl-en">n</span> * <span class="pl-en">powx</span> <span class="pl-en">x</span> <span class="pl-en">m</span> <span class="pl-c1">=</span> <span class="pl-en">powx</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-en">m</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">powx_lemma2</span> <span class="pl-en">x</span> <span class="pl-en">n</span> <span class="pl-en">m</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">ass</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">x</span>*<span class="pl-en">y</span><span class="pl-c1">)</span>*<span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-en">x</span>*<span class="pl-c1">(</span><span class="pl-en">y</span>*<span class="pl-en">z</span><span class="pl-c1">))</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">n</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">powx_lemma2</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">m</span><span class="pl-c1">;</span> <span class="pl-en">ass</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">powx</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">powx</span> <span class="pl-en">x</span> <span class="pl-en">m</span><span class="pl-c1">)</span></pre></div>
+<p>Lemma: absolute value of product is the product of the absolute values</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">abs_mul_lemma</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">abs</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">abs</span> <span class="pl-en">a</span> * <span class="pl-en">abs</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">abs_mul_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Lemma: absolute value of a signed_module b is bounded by b</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">signed_modulo_property</span><span class="pl-c1">:</span> <span class="pl-en">v</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">abs</span> <span class="pl-c1">(</span><span class="pl-en">signed_modulo</span> <span class="pl-en">v</span> <span class="pl-en">p</span> <span class="pl-c1">)</span> &lt; <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">signed_modulo_property</span> <span class="pl-en">v</span> <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Lemma: non-Euclidean division has a smaller output compared to its input</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div_non_eucl_decr_lemma</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">abs</span> <span class="pl-c1">(</span><span class="pl-en">div_non_eucl</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">abs</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">div_non_eucl_decr_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-en">slash_decr_axiom</span> <span class="pl-c1">(</span><span class="pl-en">abs</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">b</span></pre></div>
+<p>Lemma: dividing by a bigger value leads to 0 in non-Euclidean division</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div_non_eucl_bigger_denom_lemma</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b</span> &gt; <span class="pl-en">abs</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">div_non_eucl</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">div_non_eucl_bigger_denom_lemma</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Modifies.html b/docs/FStar.Modifies.html
index 9329f45..f5894c8 100644
--- a/docs/FStar.Modifies.html
+++ b/docs/FStar.Modifies.html
@@ -1,59 +1,764 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Modifies</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.modifies">module FStar.Modifies</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">* The modifies clause </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> loc_union_idem:s:loc -&gt; (Lemma (==(loc_union s s, s)) (Prims<span class="kw">.</span>Cons (SMTPat (loc_union s s)) (Prims<span class="kw">.</span>Nil )))</code></pre></div>
-<p>The following is useful to make Z3 cut matching loops with modifies_trans and modifies_refl</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> The modifies clause proper </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> BEGIN TODO: move <span class="kw">to</span> FStar<span class="kw">.</span>Monotonic<span class="kw">.</span>HyperStack </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> END TODO </code></pre></div>
+<h1>
+<a id="user-content-fstarmodifies" class="anchor" href="#fstarmodifies" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Modifies</h1>
+<ul>
+<li>Aliases module <a href="FStar.HyperStack.html"> FStar.HyperStack</a> as <code>HS </code>
+</li>
+<li>Aliases module <a href="FStar.HyperStack.ST.html"> FStar.HyperStack.ST</a> as <code>HST </code>
+</li>
+<li>Aliases module <a href="FStar.Buffer.html"> FStar.Buffer</a> as <code>B </code>
+</li>
+</ul>
+<h3>
+<a id="user-content-the-modifies-clause" class="anchor" href="#the-modifies-clause" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>The modifies clause</h3>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-c1">1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_none</span><span class="pl-c1">:</span> <span class="pl-en">loc</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_union</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">loc</span></pre></div>
+<h4>
+<a id="user-content-loc_union_idem" class="anchor" href="#loc_union_idem" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>loc_union_idem</h4>
+<p>The following is useful to make Z3 cut matching loops with
+modifies_trans and modifies_refl</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_union_idem</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s</span> <span class="pl-en">s</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_union_comm</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">==</span> <span class="pl-en">loc_union</span> <span class="pl-en">s2</span> <span class="pl-en">s1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_union_assoc</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-en">s3</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s2</span> <span class="pl-en">s3</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">s3</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_union_loc_none_l</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">loc_none</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">loc_none</span> <span class="pl-en">s</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_union_loc_none_r</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s</span> <span class="pl-en">loc_none</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s</span> <span class="pl-en">loc_none</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_buffer</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">loc</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_addresses</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">loc</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_regions</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">loc</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">loc_mreference</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">loc</span>
+<span class="pl-c1">=</span> <span class="pl-en">loc_addresses</span> <span class="pl-c1">true</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">loc_freed_mreference</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">loc</span>
+<span class="pl-c1">=</span> <span class="pl-en">loc_addresses</span> <span class="pl-c1">false</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">loc_region_only</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">loc</span>
+<span class="pl-c1">=</span> <span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">loc_all_regions_from</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">loc</span>
+<span class="pl-c1">=</span> <span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">mod_set</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<p>Inclusion of memory locations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_refl</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s</span> <span class="pl-en">s</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_trans</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-en">s3</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_includes</span> <span class="pl-en">s2</span> <span class="pl-en">s3</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s1</span> <span class="pl-en">s3</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_union_r</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s</span> <span class="pl-en">s1</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_includes</span> <span class="pl-en">s</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_union_l</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s1</span> <span class="pl-en">s</span> <span class="pl-c1">\/</span> <span class="pl-en">loc_includes</span> <span class="pl-en">s2</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_none</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s</span> <span class="pl-en">loc_none</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s</span> <span class="pl-en">loc_none</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_buffer</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b1</span> <span class="pl-c1">`</span><span class="pl-smi">B.</span><span class="pl-en">includes</span><span class="pl-c1">`</span> <span class="pl-en">b2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">includes</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">)];</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span><span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b2</span><span class="pl-c1">))]</span>
+  <span class="pl-c1">]]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_gsub_buffer_r</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">len</span><span class="pl-c1">:</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_includes</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_includes</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">sub</span> <span class="pl-en">b</span> <span class="pl-en">i</span> <span class="pl-en">len</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">sub</span> <span class="pl-en">b</span> <span class="pl-en">i</span> <span class="pl-en">len</span><span class="pl-c1">)))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_gsub_buffer_l</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i1</span><span class="pl-c1">:</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">len1</span><span class="pl-c1">:</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i2</span><span class="pl-c1">:</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">len2</span><span class="pl-c1">:</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i1</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len1</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i1</span> &lt;<span class="pl-c1">=</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i2</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i2</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len2</span> &lt;<span class="pl-c1">=</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i1</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i1</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len1</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i1</span> &lt;<span class="pl-c1">=</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i2</span> <span class="pl-c1">/\</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i2</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len2</span> &lt;<span class="pl-c1">=</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i1</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len1</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">sub</span> <span class="pl-en">b</span> <span class="pl-en">i1</span> <span class="pl-en">len1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">sub</span> <span class="pl-en">b</span> <span class="pl-en">i2</span> <span class="pl-en">len2</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">sub</span> <span class="pl-en">b</span> <span class="pl-en">i1</span> <span class="pl-en">len1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">sub</span> <span class="pl-en">b</span> <span class="pl-en">i2</span> <span class="pl-en">len2</span><span class="pl-c1">)))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_addresses_buffer</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">frameOf</span> <span class="pl-en">p</span> <span class="pl-c1">==</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">as_addr</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">p</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">p</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_region_buffer</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">frameOf</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_region_addresses</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness1</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness2</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">r</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_region_region</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness1</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness2</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">preserve_liveness1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">preserve_liveness2</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">Set.</span><span class="pl-en">subset</span> <span class="pl-en">s2</span> <span class="pl-en">s1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">s2</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_region_union_l</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">intersect</span> <span class="pl-en">s2</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">complement</span> <span class="pl-en">s1</span><span class="pl-c1">)))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">s2</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_addresses_addresses</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness1</span> <span class="pl-en">preserve_liveness2</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">preserve_liveness1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">preserve_liveness2</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">Set.</span><span class="pl-en">subset</span> <span class="pl-en">s2</span> <span class="pl-en">s1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">r</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">r</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span></pre></div>
+<p>Disjointness of two memory locations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_sym</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s2</span> <span class="pl-en">s1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">loc_disjoint_sym'</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">s2</span> <span class="pl-en">s1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span>
+<span class="pl-c1">=</span> <span class="pl-smi">Classical.</span><span class="pl-en">move_requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint_sym</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-en">s2</span><span class="pl-c1">;</span>
+  <span class="pl-smi">Classical.</span><span class="pl-en">move_requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint_sym</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">s1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_none_r</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s</span> <span class="pl-en">loc_none</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s</span> <span class="pl-en">loc_none</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_union_r</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s</span> <span class="pl-en">s1</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">s</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_includes</span>
+  <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-en">p2</span> <span class="pl-en">p1'</span> <span class="pl-en">p2'</span> <span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">p1</span> <span class="pl-en">p1'</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_includes</span> <span class="pl-en">p2</span> <span class="pl-en">p2'</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">p1</span> <span class="pl-en">p2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">p1'</span> <span class="pl-en">p2'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">p1</span> <span class="pl-en">p2</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">p1'</span> <span class="pl-en">p2'</span><span class="pl-c1">)];</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">p1</span> <span class="pl-en">p1'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">p2</span> <span class="pl-en">p2'</span><span class="pl-c1">)];</span>
+  <span class="pl-c1">]]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_buffer</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t1</span> <span class="pl-c1">#</span><span class="pl-en">t2</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b1</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b2</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">disjoint</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">disjoint</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">)];</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b2</span><span class="pl-c1">))];</span>
+  <span class="pl-c1">]]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_gsub_buffer</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i1</span><span class="pl-c1">:</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">len1</span><span class="pl-c1">:</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i2</span><span class="pl-c1">:</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">len2</span><span class="pl-c1">:</span> <span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i1</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len1</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i2</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len2</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i1</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len1</span> &lt;<span class="pl-c1">=</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i2</span> <span class="pl-c1">\/</span>
+    <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i2</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len2</span> &lt;<span class="pl-c1">=</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i1</span>
+  <span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i1</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len1</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">i2</span> <span class="pl-c1">+</span> <span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">len2</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">length</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">sub</span> <span class="pl-en">b</span> <span class="pl-en">i1</span> <span class="pl-en">len1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">sub</span> <span class="pl-en">b</span> <span class="pl-en">i2</span> <span class="pl-en">len2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">sub</span> <span class="pl-en">b</span> <span class="pl-en">i1</span> <span class="pl-en">len1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">sub</span> <span class="pl-en">b</span> <span class="pl-en">i2</span> <span class="pl-en">len2</span><span class="pl-c1">)))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_addresses</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness1</span> <span class="pl-en">preserve_liveness2</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r1</span> <span class="pl-en">r2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n1</span> <span class="pl-en">n2</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">r1</span> &lt;&gt; <span class="pl-en">r2</span> <span class="pl-c1">\/</span> <span class="pl-smi">Set.</span><span class="pl-en">subset</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">intersect</span> <span class="pl-en">n1</span> <span class="pl-en">n2</span><span class="pl-c1">)</span> <span class="pl-smi">Set.</span><span class="pl-en">empty</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">r1</span> <span class="pl-en">n1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">r2</span> <span class="pl-en">n2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">r1</span> <span class="pl-en">n1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">r2</span> <span class="pl-en">n2</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_buffer_addresses</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">r</span> &lt;&gt; <span class="pl-smi">B.</span><span class="pl-en">frameOf</span> <span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">as_addr</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_regions</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness1</span> <span class="pl-en">preserve_liveness2</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">rs1</span> <span class="pl-en">rs2</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">subset</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">intersect</span> <span class="pl-en">rs1</span> <span class="pl-en">rs2</span><span class="pl-c1">)</span> <span class="pl-smi">Set.</span><span class="pl-en">empty</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">rs1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">rs2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">rs1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">rs2</span><span class="pl-c1">))]</span></pre></div>
+<p>The modifies clause proper</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_mreference_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_mreference</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">modifies</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-en">h'</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h'</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h'</span> <span class="pl-en">b</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+    <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">]</span> <span class="pl-c1">;</span>
+    <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">];</span>
+    <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h'</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">]</span> <span class="pl-c1">;</span>
+    <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h'</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">]</span>
+  <span class="pl-c1">]</span> <span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_buffer_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t1</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">modifies</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-en">h'</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h'</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">B.</span><span class="pl-en">as_seq</span> <span class="pl-en">h</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-smi">B.</span><span class="pl-en">as_seq</span> <span class="pl-en">h'</span> <span class="pl-en">b</span>
+  <span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+    <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">as_seq</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">]</span> <span class="pl-c1">;</span>
+    <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">];</span>
+    <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">as_seq</span> <span class="pl-en">h'</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">]</span> <span class="pl-c1">;</span>
+    <span class="pl-c1">[</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h'</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">]</span>
+  <span class="pl-c1">]</span> <span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_refl</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s</span> <span class="pl-en">h</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s</span> <span class="pl-en">h</span> <span class="pl-en">h</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_loc_includes</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_includes</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s1</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s1</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">)];</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s1</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)];</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)];</span>
+  <span class="pl-c1">]]</span></pre></div>
+<blockquote>
+<p>Some memory locations are tagged as liveness-insensitive: the
+liveness preservation of a memory location only depends on its
+disjointness from the liveness-sensitive memory locations of a
+modifies clause.</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">address_liveness_insensitive_locs</span><span class="pl-c1">:</span> <span class="pl-en">loc</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">region_liveness_insensitive_locs</span><span class="pl-c1">:</span> <span class="pl-en">loc</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">address_liveness_insensitive_buffer</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">address_liveness_insensitive_addresses</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">true</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">true</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">region_liveness_insensitive_buffer</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">region_liveness_insensitive_addresses</span> <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">region_liveness_insensitive_regions</span> <span class="pl-c1">(</span><span class="pl-en">rs</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-c1">true</span> <span class="pl-en">rs</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-c1">true</span> <span class="pl-en">rs</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">region_liveness_insensitive_address_liveness_insensitive</span><span class="pl-c1">:</span>
+  <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">address_liveness_insensitive_locs</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_liveness_insensitive_mreference</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">loc_mreference</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">h'</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<p>TODO: pattern</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_liveness_insensitive_buffer</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h'</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<p>TODO: pattern</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies_liveness_insensitive_mreference_weak</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span> <span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">h'</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);];</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">h'</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);];</span>
+  <span class="pl-c1">]]</span>
+<span class="pl-c1">=</span> <span class="pl-en">modifies_liveness_insensitive_mreference</span> <span class="pl-en">loc_none</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies_liveness_insensitive_buffer_weak</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span> <span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h'</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h</span> <span class="pl-en">x</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);];</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h'</span> <span class="pl-en">x</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);];</span>
+  <span class="pl-c1">]]</span>
+<span class="pl-c1">=</span> <span class="pl-en">modifies_liveness_insensitive_buffer</span> <span class="pl-en">loc_none</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_liveness_insensitive_region</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">loc_region_only</span> <span class="pl-c1">false</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<p>TODO: pattern</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_liveness_insensitive_region_mreference</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">loc_mreference</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">)))</span></pre></div>
+<p>TODO: pattern</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_liveness_insensitive_region_buffer</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">)))</span></pre></div>
+<p>TODO: pattern</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies_liveness_insensitive_region_weak</span>
+  <span class="pl-c1">(</span><span class="pl-en">l2</span> <span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">x</span><span class="pl-c1">)];</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-en">x</span><span class="pl-c1">)];</span>
+  <span class="pl-c1">]]</span>
+<span class="pl-c1">=</span> <span class="pl-en">modifies_liveness_insensitive_region</span> <span class="pl-en">loc_none</span> <span class="pl-en">l2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies_liveness_insensitive_region_mreference_weak</span>
+  <span class="pl-c1">(</span><span class="pl-en">l2</span> <span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">))];</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">))];</span>
+  <span class="pl-c1">]]</span>
+<span class="pl-c1">=</span> <span class="pl-en">modifies_liveness_insensitive_region_mreference</span> <span class="pl-en">loc_none</span> <span class="pl-en">l2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies_liveness_insensitive_region_buffer_weak</span>
+  <span class="pl-c1">(</span><span class="pl-en">l2</span> <span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">))];</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">))];</span>
+  <span class="pl-c1">]]</span>
+<span class="pl-c1">=</span> <span class="pl-en">modifies_liveness_insensitive_region_buffer</span> <span class="pl-en">loc_none</span> <span class="pl-en">l2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_trans</span>
+  <span class="pl-c1">(</span><span class="pl-en">s12</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s23</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h3</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s12</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span> <span class="pl-c1">/\</span> <span class="pl-en">modifies</span> <span class="pl-en">s23</span> <span class="pl-en">h2</span> <span class="pl-en">h3</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s12</span> <span class="pl-en">s23</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h3</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s12</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s23</span> <span class="pl-en">h2</span> <span class="pl-en">h3</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_only_live_regions</span>
+  <span class="pl-c1">(</span><span class="pl-en">rs</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-c1">false</span> <span class="pl-en">rs</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">r</span> <span class="pl-c1">.</span> <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">r</span> <span class="pl-en">rs</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">no_upd_fresh_region</span><span class="pl-c1">:</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">rid</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">loc</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">fresh_region</span> <span class="pl-en">r</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_all_regions_from</span> <span class="pl-c1">false</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">fresh_region</span> <span class="pl-en">r</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_fresh_frame_popped</span>
+  <span class="pl-c1">(</span><span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h2</span> <span class="pl-en">h3</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">fresh_frame</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_all_regions_from</span> <span class="pl-c1">false</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_tip</span> <span class="pl-en">h1</span><span class="pl-c1">))</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_tip</span> <span class="pl-en">h2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_tip</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">popped</span> <span class="pl-en">h2</span> <span class="pl-en">h3</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-en">modifies</span> <span class="pl-en">s</span> <span class="pl-en">h0</span> <span class="pl-en">h3</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_tip</span> <span class="pl-en">h3</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">get_tip</span> <span class="pl-en">h0</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">fresh_frame</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">popped</span> <span class="pl-en">h2</span> <span class="pl-en">h3</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s</span> <span class="pl-en">h0</span> <span class="pl-en">h3</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_loc_regions_intro</span>
+  <span class="pl-c1">(</span><span class="pl-en">rs</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">modifies</span> <span class="pl-en">rs</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-c1">true</span> <span class="pl-en">rs</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_loc_addresses_intro</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h2</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_region_only</span> <span class="pl-c1">false</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">modifies_ref</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">true</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_ralloc_post</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">{</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">is_eternal_region</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">}</span> <span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">ralloc_post</span> <span class="pl-en">i</span> <span class="pl-en">init</span> <span class="pl-en">h</span> <span class="pl-en">x</span> <span class="pl-en">h'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">loc_none</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_salloc_post</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">{</span> <span class="pl-smi">HS.</span><span class="pl-en">is_stack_region</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">}</span> <span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">salloc_post</span> <span class="pl-en">init</span> <span class="pl-en">h</span> <span class="pl-en">x</span> <span class="pl-en">h'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">loc_none</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_free</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">{</span> <span class="pl-smi">HS.</span><span class="pl-en">is_mm</span> <span class="pl-en">r</span> <span class="pl-c1">}</span> <span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span> <span class="pl-c1">{</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">}</span> <span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_freed_mreference</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">free</span> <span class="pl-en">r</span> <span class="pl-en">m</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_none_modifies</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">modifies_none</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">loc_none</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_buffer_none_modifies</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">modifies_none</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">loc_none</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_0_modifies</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">modifies_0</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">loc_none</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">modifies_0</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_1_modifies</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">modifies_1</span> <span class="pl-en">b</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">modifies_1</span> <span class="pl-en">b</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_2_modifies</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a1</span> <span class="pl-c1">#</span><span class="pl-en">a2</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b1</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">a1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b2</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">a2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">modifies_2</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b2</span><span class="pl-c1">))</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">modifies_2</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_3_modifies</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a1</span> <span class="pl-c1">#</span><span class="pl-en">a2</span> <span class="pl-c1">#</span><span class="pl-en">a3</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b1</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">a1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b2</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">a2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b3</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">a3</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">modifies_3</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span> <span class="pl-en">b3</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b3</span><span class="pl-c1">)))</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_buffer_rcreate_post_common</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">len</span><span class="pl-c1">:</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">rcreate_post_common</span> <span class="pl-en">r</span> <span class="pl-en">init</span> <span class="pl-en">len</span> <span class="pl-en">b</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">loc_none</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mreference_live_buffer_unused_in_disjoint</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t1</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t2</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b1</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t1</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b2</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">b1</span> <span class="pl-c1">/\</span> <span class="pl-smi">B.</span><span class="pl-en">unused_in</span> <span class="pl-en">b2</span> <span class="pl-en">h</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_freed_mreference</span> <span class="pl-en">b1</span><span class="pl-c1">)</span>  <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">b1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">unused_in</span> <span class="pl-en">b2</span> <span class="pl-en">h</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">buffer_live_mreference_unused_in_disjoint</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t1</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t2</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b1</span><span class="pl-c1">:</span> <span class="pl-smi">B.</span><span class="pl-en">buffer</span> <span class="pl-en">t1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t2</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h</span> <span class="pl-en">b1</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">unused_in</span> <span class="pl-en">b2</span> <span class="pl-en">h</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_buffer</span> <span class="pl-en">b1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_freed_mreference</span> <span class="pl-en">b2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">B.</span><span class="pl-en">live</span> <span class="pl-en">h</span> <span class="pl-en">b1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">unused_in</span> <span class="pl-en">b2</span> <span class="pl-en">h</span><span class="pl-c1">)]</span></pre></div>
+<p>BEGIN TODO: move to FStar.Monotonic.HyperStack</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">does_not_contain_addr</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ra</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> * <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">not_live_region_does_not_contain_addr</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ra</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> * <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">ra</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-en">ra</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unused_in_does_not_contain_addr</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">r</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">addr_unused_in_does_not_contain_addr</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ra</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> * <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">ra</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">snd</span> <span class="pl-en">ra</span> <span class="pl-c1">`</span><span class="pl-smi">Heap.</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_hmap</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">ra</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-en">ra</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">free_does_not_contain_addr</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> * <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">is_mm</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">fst</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">snd</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">r</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">free</span> <span class="pl-en">r</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-en">x</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">free</span> <span class="pl-en">r</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">does_not_contain_addr_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> * <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">fst</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">snd</span> <span class="pl-en">x</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)))</span></pre></div>
+<p>END TODO</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_only_live_addresses</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">false</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span> <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">a</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span></pre></div>
+<blockquote>
+<p>Type class instantiation for compositionality with other kinds of memory locations than regions, references or buffers (just in case).
+No usage pattern has been found yet.</p>
+</blockquote>
+<ul>
+<li>Aliases module <a href="FStar.ModifiesGen.html"> FStar.ModifiesGen</a> as <code>MG </code>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cloc_aloc</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(Type</span> <span class="pl-c1">u#</span><span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cloc_cls</span><span class="pl-c1">:</span> <span class="pl-smi">MG.</span><span class="pl-en">cls</span> <span class="pl-en">cloc_aloc</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cloc_of_loc</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-smi">MG.</span><span class="pl-en">loc</span> <span class="pl-en">cloc_cls</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_of_cloc</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-smi">MG.</span><span class="pl-en">loc</span> <span class="pl-en">cloc_cls</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">loc</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_of_cloc_of_loc</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_of_cloc</span> <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_cloc</span> <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-en">l</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cloc_of_loc_of_cloc</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-smi">MG.</span><span class="pl-en">loc</span> <span class="pl-en">cloc_cls</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_cloc</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_cloc</span> <span class="pl-en">l</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cloc_of_loc_none</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-en">loc_none</span> <span class="pl-c1">==</span> <span class="pl-smi">MG.</span><span class="pl-en">loc_none</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cloc_of_loc_union</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">MG.</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-en">l2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cloc_of_loc_addresses</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">MG.</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cloc_of_loc_regions</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">MG.</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_to_cloc</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-smi">MG.</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-en">l2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_to_cloc</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-smi">MG.</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-en">l2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_to_cloc</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-smi">MG.</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">cloc_of_loc</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.ModifiesGen.html b/docs/FStar.ModifiesGen.html
index 998014e..93fd421 100644
--- a/docs/FStar.ModifiesGen.html
+++ b/docs/FStar.ModifiesGen.html
@@ -1,61 +1,1083 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.ModifiesGen</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.modifiesgen">module FStar.ModifiesGen</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">* The modifies clause </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> loc_union_idem:#aloc:aloc_t -&gt; #c:cls aloc -&gt; s:loc c -&gt; (Lemma (==(loc_union s s, s)))</code></pre></div>
-<p>The following is useful to make Z3 cut matching loops with modifies_trans and modifies_refl</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> Liveness-insensitive memory locations </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> The modifies clause proper </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> BEGIN TODO: move <span class="kw">to</span> FStar<span class="kw">.</span>Monotonic<span class="kw">.</span>HyperStack </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> END TODO </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> * Compositionality </code></pre></div>
+<h1>
+<a id="user-content-fstarmodifiesgen" class="anchor" href="#fstarmodifiesgen" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.ModifiesGen</h1>
+<ul>
+<li>Aliases module <a href="FStar.HyperStack.html"> FStar.HyperStack</a> as <code>HS </code>
+</li>
+<li>Aliases module <a href="FStar.HyperStack.ST.html"> FStar.HyperStack.ST</a> as <code>HST </code>
+</li>
+</ul>
+<h3>
+<a id="user-content-the-modifies-clause" class="anchor" href="#the-modifies-clause" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>The modifies clause</h3>
+<p>NOTE: aloc cannot be a member of the class, because of OCaml
+extraction. So it must be a parameter of the class instead.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span> <span class="pl-c1">|</span> <span class="pl-c1">Cls</span><span class="pl-c1">:</span>
+  <span class="pl-c1">(</span><span class="pl-en">aloc_includes</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">(</span><span class="pl-en">aloc_includes_refl</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">aloc_includes</span> <span class="pl-en">x</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">(</span><span class="pl-en">aloc_includes_trans</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">x1</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">x2</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">x3</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">aloc_includes</span> <span class="pl-en">x1</span> <span class="pl-en">x2</span> <span class="pl-c1">/\</span> <span class="pl-en">aloc_includes</span> <span class="pl-en">x2</span> <span class="pl-en">x3</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">aloc_includes</span> <span class="pl-en">x1</span> <span class="pl-en">x3</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">(</span><span class="pl-en">aloc_disjoint</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">x1</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">x2</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">(</span><span class="pl-en">aloc_disjoint_sym</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">x1</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">x2</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">aloc_disjoint</span> <span class="pl-en">x1</span> <span class="pl-en">x2</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">aloc_disjoint</span> <span class="pl-en">x2</span> <span class="pl-en">x1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">(</span><span class="pl-en">aloc_disjoint_includes</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">larger1</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">larger2</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">smaller1</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">smaller2</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">aloc_disjoint</span> <span class="pl-en">larger1</span> <span class="pl-en">larger2</span> <span class="pl-c1">/\</span> <span class="pl-en">larger1</span> <span class="pl-c1">`</span><span class="pl-en">aloc_includes</span><span class="pl-c1">`</span> <span class="pl-en">smaller1</span> <span class="pl-c1">/\</span> <span class="pl-en">larger2</span> <span class="pl-c1">`</span><span class="pl-en">aloc_includes</span><span class="pl-c1">`</span> <span class="pl-en">smaller2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">aloc_disjoint</span> <span class="pl-en">smaller1</span> <span class="pl-en">smaller2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">(</span><span class="pl-en">aloc_preserved</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">(</span><span class="pl-en">aloc_preserved_refl</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">aloc_preserved</span> <span class="pl-en">x</span> <span class="pl-en">h</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+  <span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">(</span><span class="pl-en">aloc_preserved_trans</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">h3</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">aloc_preserved</span> <span class="pl-en">x</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span> <span class="pl-c1">/\</span> <span class="pl-en">aloc_preserved</span> <span class="pl-en">x</span> <span class="pl-en">h2</span> <span class="pl-en">h3</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">aloc_preserved</span> <span class="pl-en">x</span> <span class="pl-en">h1</span> <span class="pl-en">h3</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span></pre></div>
+<p>if any reference at this address is preserved, then any location at this address is preserved</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">(</span><span class="pl-en">same_mreference_aloc_preserved</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">(</span><span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">a'</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a'</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">r'</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a'</span> <span class="pl-en">pre</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r'</span> <span class="pl-c1">/\</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r'</span> <span class="pl-c1">/\</span> <span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">r'</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">h2</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r'</span> <span class="pl-c1">/\</span> <span class="pl-en">h1</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">r'</span> <span class="pl-c1">==</span> <span class="pl-en">h2</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">r'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">aloc_preserved</span> <span class="pl-en">b</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">)</span>
+<span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+<span class="pl-en">cls</span> <span class="pl-en">aloc</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc</span> <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(Type</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_none</span> <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">):</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_union</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-loc_union_idem" class="anchor" href="#loc_union_idem" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>loc_union_idem</h4>
+<p>The following is useful to make Z3 cut matching loops with
+modifies_trans and modifies_refl</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_union_idem</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_union_comm</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">==</span> <span class="pl-en">loc_union</span> <span class="pl-en">s2</span> <span class="pl-en">s1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_union_assoc</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-en">s3</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s2</span> <span class="pl-en">s3</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">s3</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_union_loc_none_l</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">loc_none</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_union_loc_none_r</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s</span> <span class="pl-en">loc_none</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_of_aloc</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_of_aloc_not_none</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-en">loc_none</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">False</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_addresses</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_regions</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">loc_mreference</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-en">loc_addresses</span> <span class="pl-c1">true</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">loc_freed_mreference</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-en">loc_addresses</span> <span class="pl-c1">false</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">loc_region_only</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">loc_all_regions_from</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">mod_set</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<p>Inclusion of memory locations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_refl</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_trans</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-en">s3</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_includes</span> <span class="pl-en">s2</span> <span class="pl-en">s3</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s1</span> <span class="pl-en">s3</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_union_r</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s</span> <span class="pl-en">s1</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_includes</span> <span class="pl-en">s</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_union_l</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s1</span> <span class="pl-en">s</span> <span class="pl-c1">\/</span> <span class="pl-en">loc_includes</span> <span class="pl-en">s2</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_none</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">s</span> <span class="pl-en">loc_none</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_none_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">loc_none</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">loc_none</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_aloc</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">.</span><span class="pl-en">aloc_includes</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-en">b1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">b2</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_aloc_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r1</span> <span class="pl-c1">#</span><span class="pl-en">r2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">n1</span> <span class="pl-c1">#</span><span class="pl-en">n2</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b1</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r1</span> <span class="pl-en">n1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b2</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r2</span> <span class="pl-en">n2</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-en">b1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">b2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">n1</span> <span class="pl-c1">==</span> <span class="pl-en">n2</span> <span class="pl-c1">/\</span> <span class="pl-en">c</span><span class="pl-c1">.</span><span class="pl-en">aloc_includes</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_addresses_aloc</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">p</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_region_aloc</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">r</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_region_addresses</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness1</span> <span class="pl-en">preserve_liveness2</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">r</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_region_region</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness1</span> <span class="pl-en">preserve_liveness2</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">preserve_liveness1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">preserve_liveness2</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">Set.</span><span class="pl-en">subset</span> <span class="pl-en">s2</span> <span class="pl-en">s1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_region_union_l</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">intersect</span> <span class="pl-en">s2</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">complement</span> <span class="pl-en">s1</span><span class="pl-c1">)))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_addresses_addresses</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness1</span> <span class="pl-en">preserve_liveness2</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">a1</span> <span class="pl-en">a2</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">preserve_liveness1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">preserve_liveness2</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">Set.</span><span class="pl-en">subset</span> <span class="pl-en">a2</span> <span class="pl-en">a1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">r</span> <span class="pl-en">a1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">r</span> <span class="pl-en">a2</span><span class="pl-c1">)))</span></pre></div>
+<p>Disjointness of two memory locations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_sym</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s2</span> <span class="pl-en">s1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_none_r</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s</span> <span class="pl-en">loc_none</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_union_r</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s</span> <span class="pl-en">s1</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">s</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_includes</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-en">p2</span> <span class="pl-en">p1'</span> <span class="pl-en">p2'</span> <span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-en">p1</span> <span class="pl-en">p1'</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_includes</span> <span class="pl-en">p2</span> <span class="pl-en">p2'</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">p1</span> <span class="pl-en">p2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-en">p1'</span> <span class="pl-en">p2'</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_aloc_intro</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r1</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a1</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a2</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b1</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r1</span> <span class="pl-en">a1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b2</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r2</span> <span class="pl-en">a2</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">a1</span> <span class="pl-c1">==</span> <span class="pl-en">a2</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">c</span><span class="pl-c1">.</span><span class="pl-en">aloc_disjoint</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-en">b1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">b2</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_aloc_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r1</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a1</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a2</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b1</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r1</span> <span class="pl-en">a1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b2</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r2</span> <span class="pl-en">a2</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-en">b1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">b2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">a1</span> <span class="pl-c1">==</span> <span class="pl-en">a2</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">c</span><span class="pl-c1">.</span><span class="pl-en">aloc_disjoint</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_addresses_intro</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness1</span> <span class="pl-en">preserve_liveness2</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r1</span> <span class="pl-en">r2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n1</span> <span class="pl-en">n2</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">r1</span> &lt;&gt; <span class="pl-en">r2</span> <span class="pl-c1">\/</span> <span class="pl-smi">Set.</span><span class="pl-en">subset</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">intersect</span> <span class="pl-en">n1</span> <span class="pl-en">n2</span><span class="pl-c1">)</span> <span class="pl-smi">Set.</span><span class="pl-en">empty</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">r1</span> <span class="pl-en">n1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">r2</span> <span class="pl-en">n2</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">loc_disjoint_addresses</span> <span class="pl-c1">#</span><span class="pl-en">aloc</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">loc_disjoint_addresses_intro</span> <span class="pl-c1">#</span><span class="pl-en">aloc</span> <span class="pl-c1">#</span><span class="pl-en">c</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_addresses_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness1</span> <span class="pl-en">preserve_liveness2</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r1</span> <span class="pl-en">r2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n1</span> <span class="pl-en">n2</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">r1</span> <span class="pl-en">n1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">r2</span> <span class="pl-en">n2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">r1</span> &lt;&gt; <span class="pl-en">r2</span> <span class="pl-c1">\/</span> <span class="pl-smi">Set.</span><span class="pl-en">subset</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">intersect</span> <span class="pl-en">n1</span> <span class="pl-en">n2</span><span class="pl-c1">)</span> <span class="pl-smi">Set.</span><span class="pl-en">empty</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_aloc_addresses_intro</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a'</span> <span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r'</span> <span class="pl-en">a'</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">r'</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">a'</span> <span class="pl-en">n</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_aloc_addresses_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a'</span> <span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r'</span> <span class="pl-en">a'</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">r'</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">a'</span> <span class="pl-en">n</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_disjoint_regions</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness1</span> <span class="pl-en">preserve_liveness2</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">rs1</span> <span class="pl-en">rs2</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">subset</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">intersect</span> <span class="pl-en">rs1</span> <span class="pl-en">rs2</span><span class="pl-c1">)</span> <span class="pl-smi">Set.</span><span class="pl-en">empty</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">preserve_liveness1</span> <span class="pl-en">rs1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness2</span> <span class="pl-en">rs2</span><span class="pl-c1">)))</span></pre></div>
+<p>Liveness-insensitive memory locations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_address_liveness_insensitive_locs_aloc</span> <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_address_liveness_insensitive_locs_addresses</span> <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">true</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_region_liveness_insensitive_locs_address_liveness_insensitive_locs</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_region_liveness_insensitive_locs_loc_regions</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-en">c</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">loc_regions</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-c1">true</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_region_liveness_insensitive_locs_loc_addresses</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-en">c</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">loc_addresses</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_includes_region_liveness_insensitive_locs_loc_of_aloc</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">al</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-en">c</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">loc_of_aloc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<p>The modifies clause proper</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_intro</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">regions</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">mrefs</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_mreference</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h'</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h'</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">livenesses</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h'</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+      <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">n</span> <span class="pl-c1">`</span><span class="pl-smi">Heap.</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_hmap</span> <span class="pl-en">h'</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+    <span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">`</span><span class="pl-smi">Heap.</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_hmap</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">alocs</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">al</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">.</span><span class="pl-en">aloc_preserved</span> <span class="pl-en">x</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_none_intro</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">regions</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">mrefs</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h'</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h'</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">n</span> <span class="pl-c1">`</span><span class="pl-smi">Heap.</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_hmap</span> <span class="pl-en">h'</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">`</span><span class="pl-smi">Heap.</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_hmap</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_none</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_address_intro</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">regions</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">mrefs</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">r</span> &lt;&gt; <span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">b</span> <span class="pl-c1">\/</span> <span class="pl-en">n</span> &lt;&gt; <span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h'</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h'</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">r'</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">n'</span> <span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">r'</span> &lt;&gt; <span class="pl-en">r</span> <span class="pl-c1">\/</span> <span class="pl-en">n'</span> &lt;&gt; <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">r'</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-en">r'</span> <span class="pl-c1">/\</span> <span class="pl-en">n'</span> <span class="pl-c1">`</span><span class="pl-smi">Heap.</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_hmap</span> <span class="pl-en">h'</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">r'</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">n'</span> <span class="pl-c1">`</span><span class="pl-smi">Heap.</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_hmap</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">r'</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-c1">false</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_aloc_intro</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">al</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">regions</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">mrefs</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">r</span> &lt;&gt; <span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">b</span> <span class="pl-c1">\/</span> <span class="pl-en">n</span> &lt;&gt; <span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h'</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h'</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">livenesses</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h'</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">n</span> <span class="pl-c1">`</span><span class="pl-smi">Heap.</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_hmap</span> <span class="pl-en">h'</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">`</span><span class="pl-smi">Heap.</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_hmap</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">alocs</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">al</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">.</span><span class="pl-en">aloc_disjoint</span> <span class="pl-en">x</span> <span class="pl-en">z</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">.</span><span class="pl-en">aloc_preserved</span> <span class="pl-en">x</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_live_region</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">loc_region_only</span> <span class="pl-c1">false</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h1</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h2</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_mreference_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_mreference</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">modifies</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-en">h'</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h'</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h'</span> <span class="pl-en">b</span>
+  <span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_aloc_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">modifies</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-en">h'</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-en">c</span><span class="pl-c1">.</span><span class="pl-en">aloc_preserved</span> <span class="pl-en">b</span> <span class="pl-en">h</span> <span class="pl-en">h'</span>
+  <span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_refl</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s</span> <span class="pl-en">h</span> <span class="pl-en">h</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_loc_includes</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s2</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_includes</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s1</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_preserves_liveness</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">s1</span> <span class="pl-c1">(</span><span class="pl-en">loc_mreference</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">s2</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">h'</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_preserves_liveness_strong</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">aloc</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">s1</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-c1">#(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">#(</span><span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">s2</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">h'</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_preserves_region_liveness</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-en">c</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_region_only</span> <span class="pl-c1">false</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_preserves_region_liveness_reference</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-en">c</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_mreference</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_preserves_region_liveness_aloc</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">al</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span> <span class="pl-en">region_liveness_insensitive_locs</span> <span class="pl-en">c</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h'</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_trans</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s12</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s23</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h3</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s12</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span> <span class="pl-c1">/\</span> <span class="pl-en">modifies</span> <span class="pl-en">s23</span> <span class="pl-en">h2</span> <span class="pl-en">h3</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">s12</span> <span class="pl-en">s23</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h3</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_only_live_regions</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">rs</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-c1">false</span> <span class="pl-en">rs</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">r</span> <span class="pl-c1">.</span> <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">r</span> <span class="pl-en">rs</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">no_upd_fresh_region</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">fresh_region</span> <span class="pl-en">r</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_all_regions_from</span> <span class="pl-c1">false</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fresh_frame_modifies</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">fresh_frame</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">loc_none</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">new_region_modifies</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r0</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">col</span><span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-c1">int)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">is_eternal_region</span> <span class="pl-en">r0</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">m0</span> <span class="pl-en">r0</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-c1">None</span><span class="pl-c1">?</span> <span class="pl-en">col</span> <span class="pl-c1">\/</span> <span class="pl-smi">HS.</span><span class="pl-en">is_heap_color</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-en">col</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-en">m1</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">new_eternal_region</span> <span class="pl-en">m0</span> <span class="pl-en">r0</span> <span class="pl-en">col</span> <span class="pl-k">in</span>
+    <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_none</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span>
+  <span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">popped_modifies</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">popped</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">loc_region_only</span> <span class="pl-c1">false</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_tip</span> <span class="pl-en">h0</span><span class="pl-c1">))</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_fresh_frame_popped</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h2</span> <span class="pl-en">h3</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">fresh_frame</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_all_regions_from</span> <span class="pl-c1">false</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_tip</span> <span class="pl-en">h1</span><span class="pl-c1">))</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">get_tip</span> <span class="pl-en">h2</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">get_tip</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">popped</span> <span class="pl-en">h2</span> <span class="pl-en">h3</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-en">modifies</span> <span class="pl-en">s</span> <span class="pl-en">h0</span> <span class="pl-en">h3</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">get_tip</span> <span class="pl-en">h3</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">get_tip</span> <span class="pl-en">h0</span>
+  <span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_loc_regions_intro</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">rs</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">modifies</span> <span class="pl-en">rs</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-c1">true</span> <span class="pl-en">rs</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_loc_addresses_intro</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h2</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_region_only</span> <span class="pl-c1">false</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">modifies_ref</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">true</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_ralloc_post</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">ralloc_post</span> <span class="pl-en">i</span> <span class="pl-en">init</span> <span class="pl-en">h</span> <span class="pl-en">x</span> <span class="pl-en">h'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_none</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_salloc_post</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">{</span> <span class="pl-smi">HS.</span><span class="pl-en">is_stack_region</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">}</span> <span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">salloc_post</span> <span class="pl-en">init</span> <span class="pl-en">h</span> <span class="pl-en">x</span> <span class="pl-en">h'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_none</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_free</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">{</span> <span class="pl-smi">HS.</span><span class="pl-en">is_mm</span> <span class="pl-en">r</span> <span class="pl-c1">}</span> <span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span> <span class="pl-c1">{</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">}</span> <span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_freed_mreference</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">free</span> <span class="pl-en">r</span> <span class="pl-en">m</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_none_modifies</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">modifies_none</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_none</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_upd</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">loc_mreference</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">v</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_strengthen</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">r0</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a0</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">al0</span><span class="pl-c1">:</span> <span class="pl-en">al</span> <span class="pl-en">r0</span> <span class="pl-en">a0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">alocs</span><span class="pl-c1">:</span> <span class="pl-c1">(</span>
+    <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">((</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">m</span> <span class="pl-c1">==</span> <span class="pl-en">r0</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">m</span> <span class="pl-c1">==</span> <span class="pl-en">a0</span> <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">m</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h'</span> <span class="pl-en">m</span><span class="pl-c1">))</span>
+    <span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">al</span> <span class="pl-en">r0</span> <span class="pl-en">a0</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">.</span><span class="pl-en">aloc_disjoint</span> <span class="pl-en">x</span> <span class="pl-en">al0</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">.</span><span class="pl-en">aloc_preserved</span> <span class="pl-en">x</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">true</span> <span class="pl-en">r0</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">a0</span><span class="pl-c1">)))</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">loc_of_aloc</span> <span class="pl-en">al0</span><span class="pl-c1">))</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span></pre></div>
+<p>BEGIN TODO: move to FStar.Monotonic.HyperStack</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">does_not_contain_addr</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ra</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> * <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">not_live_region_does_not_contain_addr</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ra</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> * <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">ra</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-en">ra</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unused_in_does_not_contain_addr</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">r</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">addr_unused_in_does_not_contain_addr</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ra</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> * <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">ra</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">snd</span> <span class="pl-en">ra</span> <span class="pl-c1">`</span><span class="pl-smi">Heap.</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_hmap</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">ra</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-en">ra</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">does_not_contain_addr_addr_unused_in</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ra</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> * <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-en">ra</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">ra</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">snd</span> <span class="pl-en">ra</span> <span class="pl-c1">`</span><span class="pl-smi">Heap.</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_hmap</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">ra</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">free_does_not_contain_addr</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> * <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">is_mm</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">fst</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">snd</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">r</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">free</span> <span class="pl-en">r</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-en">x</span>
+  <span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">does_not_contain_addr_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> * <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">fst</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">snd</span> <span class="pl-en">x</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)))</span></pre></div>
+<p>END TODO</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_not_unused_in</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_unused_in</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_regions_unused_in</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">rs</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">r</span> <span class="pl-c1">.</span> <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">r</span> <span class="pl-en">rs</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">loc_regions</span> <span class="pl-c1">false</span> <span class="pl-en">rs</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_addresses_unused_in</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span> <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">a</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">loc_addresses</span> <span class="pl-c1">false</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_addresses_not_unused_in</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span> <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">a</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">~</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-en">x</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_not_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">loc_addresses</span> <span class="pl-c1">false</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_unused_in_not_unused_in_disjoint</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">loc_disjoint</span><span class="pl-c1">`</span> <span class="pl-en">loc_not_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">not_live_region_loc_not_unused_in_disjoint</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">live_region</span> <span class="pl-en">h0</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">loc_region_only</span> <span class="pl-c1">false</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_not_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h0</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_address_liveness_insensitive_unused_in</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">address_liveness_insensitive_locs</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_not_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h'</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">loc_not_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">loc_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h'</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_only_not_unused_in</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">loc_union</span><span class="pl-c1">`</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies_only_live_addresses</span>
+  <span class="pl-c1">(#</span><span class="pl-en">aloc</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">aloc</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+    <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">false</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-c1">.</span> <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">a</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">does_not_contain_addr</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-en">loc_addresses_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">h</span><span class="pl-c1">;</span>
+  <span class="pl-en">loc_includes_refl</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-en">loc_includes_union_l</span> <span class="pl-c1">(</span><span class="pl-en">loc_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-en">loc_includes_union_l</span> <span class="pl-c1">(</span><span class="pl-en">loc_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">false</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+  <span class="pl-en">loc_includes_union_r</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">false</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-en">modifies_loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">h'</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">false</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">l</span><span class="pl-c1">);</span>
+  <span class="pl-en">modifies_only_not_unused_in</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-en">h'</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mreference_live_loc_not_unused_in</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_not_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">loc_freed_mreference</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_not_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">loc_mreference</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mreference_unused_in_loc_unused_in</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">pre</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-smi">HS.</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">loc_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">loc_freed_mreference</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">loc_unused_in</span> <span class="pl-en">c</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">loc_mreference</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<ul>
+<li>Compositionality</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aloc_union</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cls_union</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">((</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">))))</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">aloc_union</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">union_loc_of_loc</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">cls_union</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">union_loc_of_loc_none</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">union_loc_of_loc</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">loc_none</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#(</span><span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">==</span> <span class="pl-en">loc_none</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#(</span><span class="pl-en">cls_union</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">union_loc_of_loc_union</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">union_loc_of_loc</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#(</span><span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_union</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#(</span><span class="pl-en">cls_union</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">union_loc_of_loc</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">union_loc_of_loc</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-en">l2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">union_loc_of_loc_addresses</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">union_loc_of_loc</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#(</span><span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_addresses</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#(</span><span class="pl-en">cls_union</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">union_loc_of_loc_regions</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">union_loc_of_loc</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#(</span><span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_regions</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#(</span><span class="pl-en">cls_union</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">union_loc_of_loc_includes</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">union_loc_of_loc</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-en">s1</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">union_loc_of_loc</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-en">s2</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">s1</span> <span class="pl-c1">`</span><span class="pl-en">loc_includes</span><span class="pl-c1">`</span> <span class="pl-en">s2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">union_loc_of_loc_disjoint</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">union_loc_of_loc</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-en">s1</span> <span class="pl-c1">`</span><span class="pl-en">loc_disjoint</span><span class="pl-c1">`</span> <span class="pl-en">union_loc_of_loc</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-en">s2</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">s1</span> <span class="pl-c1">`</span><span class="pl-en">loc_disjoint</span><span class="pl-c1">`</span> <span class="pl-en">s2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_union_loc_of_loc</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#(</span><span class="pl-en">cls_union</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">union_loc_of_loc</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">modifies</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#(</span><span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_of_union_loc</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">((</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">cls_union</span> <span class="pl-en">c</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_of_union_loc_union_loc_of_loc</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type))</span>
+  <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">((</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_of_union_loc</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">union_loc_of_loc</span> <span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_of_union_loc_none</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">((</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_of_union_loc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-en">loc_none</span> <span class="pl-c1">==</span> <span class="pl-en">loc_none</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_of_union_loc_union</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">((</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">))))</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">cls_union</span> <span class="pl-en">c</span><span class="pl-c1">))</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_of_union_loc</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">`</span><span class="pl-en">loc_union</span><span class="pl-c1">`</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_of_union_loc</span> <span class="pl-en">b</span> <span class="pl-en">l1</span> <span class="pl-c1">`</span><span class="pl-en">loc_union</span><span class="pl-c1">`</span> <span class="pl-en">loc_of_union_loc</span> <span class="pl-en">b</span> <span class="pl-en">l2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_of_union_loc_addresses</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_of_union_loc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">loc_of_union_loc_regions</span>
+  <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-c1">(bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aloc_t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">al</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_of_union_loc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Universes</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raise_aloc</span> <span class="pl-c1">(</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">aloc_t</span> <span class="pl-c1">u#(</span><span class="pl-en">max</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">y</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raise_cls</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">cls</span> <span class="pl-c1">(</span><span class="pl-en">raise_aloc</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-en">al</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raise_loc</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">raise_cls</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raise_loc_none</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">raise_loc</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">loc_none</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_none</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raise_loc_union</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">raise_loc</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">raise_loc</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">raise_loc</span> <span class="pl-en">l2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raise_loc_addresses</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">raise_loc</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raise_loc_regions</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">raise_loc</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raise_loc_includes</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_includes</span> <span class="pl-c1">(</span><span class="pl-en">raise_loc</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">raise_loc</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">loc_includes</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raise_loc_disjoint</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">loc_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">raise_loc</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">raise_loc</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">loc_disjoint</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_raise_loc</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">raise_loc</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">modifies</span> <span class="pl-en">l</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lower_loc</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">raise_cls</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lower_loc_raise_loc</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">lower_loc</span> <span class="pl-c1">(</span><span class="pl-en">raise_loc</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raise_loc_lower_loc</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">raise_cls</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">raise_loc</span> <span class="pl-c1">(</span><span class="pl-en">lower_loc</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lower_loc_none</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">lower_loc</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-en">loc_none</span> <span class="pl-c1">==</span> <span class="pl-en">loc_none</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lower_loc_union</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span> <span class="pl-en">loc</span> <span class="pl-c1">(</span><span class="pl-en">raise_cls</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">lower_loc</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">loc_union</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_union</span> <span class="pl-c1">(</span><span class="pl-en">lower_loc</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">lower_loc</span> <span class="pl-en">l2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lower_loc_addresses</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">lower_loc</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_addresses</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lower_loc_regions</span> <span class="pl-c1">(#</span><span class="pl-en">al</span><span class="pl-c1">:</span> <span class="pl-en">aloc_t</span> <span class="pl-c1">u#</span><span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">cls</span> <span class="pl-en">al</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">preserve_liveness</span><span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-smi">HS.</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">lower_loc</span> <span class="pl-c1">u#</span><span class="pl-en">x</span> <span class="pl-c1">u#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">loc_regions</span> <span class="pl-en">preserve_liveness</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Monotonic.DependentMap.html b/docs/FStar.Monotonic.DependentMap.html
index ec2fa9e..b950c4a 100644
--- a/docs/FStar.Monotonic.DependentMap.html
+++ b/docs/FStar.Monotonic.DependentMap.html
@@ -1,55 +1,266 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Monotonic.DependentMap</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.monotonic.dependentmap">module FStar.Monotonic.DependentMap</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="ot">open</span> FStar<span class="kw">.</span>HyperStack<span class="kw">.</span>ST</code></pre></div>
-<p>A library for mutable partial, dependent maps, that grow monotonically, while subject to an invariant on the entire map</p>
+<h1>
+<a id="user-content-fstarmonotonicdependentmap" class="anchor" href="#fstarmonotonicdependentmap" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Monotonic.DependentMap</h1>
+<ul>
+<li>
+<p>Opens module <a href="FStar.HyperStack.ST.html">FStar.HyperStack.ST</a>
+A library for mutable partial, dependent maps,
+that grow monotonically,
+while subject to an invariant on the entire map</p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.HyperStack.html"> FStar.HyperStack</a> as <code>HS  </code></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.DependentMap.html"> FStar.DependentMap</a> as <code>DM  </code></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.HyperStack.ST.html"> FStar.HyperStack.ST</a> as <code>HST </code></p>
+</li>
+</ul>
+<blockquote>
+<p>The logical model of the map is given in terms of DM.t///</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">opt</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">partial_dependent_map</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span>
+    <span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>An empty partial, dependent map maps all keys to None</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">empty_partial_dependent_map</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">partial_dependent_map</span> <span class="pl-en">a</span> <span class="pl-en">b</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">DM.</span><span class="pl-en">create</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span><span class="pl-c1">)</span></pre></div>
+<p>//////////////////////////////////////////////////////////////////////////////</p>
+<blockquote>
+<p><code>map a b</code>: Internally, the model is implemented using this abstract type
+These maps provide three operations:
+- empty, sel, upd
+Which are proven to be in correspondence with the operations on DM.t
+via the homomorphism <code>repr</code> below</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">b</span></pre></div>
+<blockquote>
+<p><code>repr m</code>: A ghost function that reveals the internal <code>map</code> as a <code>DM.t</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">repr</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">map</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">partial_dependent_map</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>An <code>empty : map a b</code> is equivalent to the <code>empty_partial_dependent_map</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">empty</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">map</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">{</span><span class="pl-en">repr</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">empty_partial_dependent_map</span><span class="pl-c1">}</span></pre></div>
+<blockquote>
+<p>Selecting a key from a map <code>sel r x</code> is equivalent to selecting it from its <code>repr</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">map</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">o</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">DM.</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">repr</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">o</span><span class="pl-c1">))</span></pre></div>
+<blockquote>
+<p>Updating a map using <code>upd r x v</code> is equivalent to updating its repr</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">upd</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">map</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r'</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">repr</span> <span class="pl-en">r'</span> <span class="pl-c1">==</span> <span class="pl-smi">DM.</span><span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">repr</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span> <span class="pl-en">v</span><span class="pl-c1">)))</span></pre></div>
+<blockquote>
+<p><code>imap a b inv</code> further augments a map with an invariant on its repr</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">imap</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span>
+    <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">map</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">{</span><span class="pl-en">inv</span> <span class="pl-c1">(</span><span class="pl-en">repr</span> <span class="pl-en">r</span><span class="pl-c1">)}</span></pre></div>
+<blockquote>
+<p><code>grows r1 r2</code> is an abstract preorder on <code>imap</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">grows</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">:</span> <span class="pl-smi">FStar.Preorder.</span><span class="pl-en">preorder</span> <span class="pl-c1">(</span><span class="pl-en">imap</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>And, finally, the main type of this module:</p>
+<p><code>t r a b inv</code> is a mutable, imap stored in region <code>r</code> constrained
+to evolve according to <code>grows</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span>
+    <span class="pl-en">m_rref</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">imap</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span> <span class="pl-en">grows</span></pre></div>
+<blockquote>
+<p><code>defined t x h</code>: In state <code>h</code>, map <code>t</code> is defined at point <code>x</code>.
+- We define these in <code>Type</code> rather than <code>bool</code>
+since it is typical for client code to use <code>defined</code>
+as a stable heap predicate, which requires a <code>heap -&gt; Type</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">defined</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p><code>fresh t x h</code>: The map is not defined at point <code>x</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fresh</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">~</span> <span class="pl-c1">(</span><span class="pl-en">defined</span> <span class="pl-en">t</span> <span class="pl-en">x</span> <span class="pl-en">h</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p><code>value_of t x h</code>: Get the value of <code>x</code> in the map <code>t</code> in state <code>h</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">value_of</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">{</span><span class="pl-en">defined</span> <span class="pl-en">t</span> <span class="pl-en">x</span> <span class="pl-en">h</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p><code>contains t x y h</code>: In state <code>h</code>, <code>t</code> maps <code>x</code> to <code>y</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">contains</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-en">defined</span> <span class="pl-en">t</span> <span class="pl-en">x</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">value_of</span> <span class="pl-en">t</span> <span class="pl-en">x</span> <span class="pl-en">h</span> <span class="pl-c1">==</span> <span class="pl-en">y</span></pre></div>
+<blockquote>
+<p><code>contains_stable</code>: The <code>contains</code> predicate is stable with respect to <code>grows</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">contains_stable</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">stable_on_t</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">t</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)))</span></pre></div>
+<blockquote>
+<p><code>defined_stable</code>: The <code>defined</code> predicate is stable with respect to <code>grows</code></p>
+<ul>
+<li>this is easily derivable from the previous lemma
+But, we provide it here as a convenience to clients</li>
+</ul>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">defined_stable</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">stable_on_t</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-en">defined</span> <span class="pl-en">t</span> <span class="pl-en">x</span><span class="pl-c1">)))</span></pre></div>
+<p>//////////////////////////////////////////////////////////////////////////////
+Interface of stateful operations
+//////////////////////////////////////////////////////////////////////////////</p>
+<blockquote>
+<p><code>alloc ()</code>: Allocating a new <code>t</code> requires proving the <code>inv</code> of the empty map</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">alloc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:unit{</span><span class="pl-en">inv</span> <span class="pl-c1">(</span><span class="pl-en">repr</span> <span class="pl-en">empty</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span>
+       <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">HyperStack.ST.</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">x</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-en">ralloc_post</span> <span class="pl-en">r</span> <span class="pl-en">empty</span> <span class="pl-en">h0</span> <span class="pl-en">x</span> <span class="pl-en">h1</span><span class="pl-c1">))</span></pre></div>
+<blockquote>
+<p><code>extend t x y</code>: Extending <code>t</code> with (x -&gt; y)
+Requires: - proving that the <code>t</code> does not already define <code>x</code>
+- and that the resulting heap would still respect <code>inv</code>
+Ensures:  - that only <code>t</code> is modified
+- by updating it to contain <code>(x -&gt; y)</code>
+- and in the future <code>t</code> will always contain <code>(x -&gt; y)</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">extend</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Stack</span> <span class="pl-c1">unit</span>
+       <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-c1">~(</span><span class="pl-en">defined</span> <span class="pl-en">t</span> <span class="pl-en">x</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+         <span class="pl-en">inv</span> <span class="pl-c1">(</span><span class="pl-en">repr</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">))))</span>
+       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">u</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-k">let</span> <span class="pl-en">cur</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+         <span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h1</span> <span class="pl-en">t</span> <span class="pl-c1">/\</span>
+         <span class="pl-smi">HS.</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+         <span class="pl-smi">HS.</span><span class="pl-en">modifies_ref</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">t</span><span class="pl-c1">))</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+         <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">t</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-en">cur</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">/\</span>
+         <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">t</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)))</span></pre></div>
+<blockquote>
+<p><code>lookup t x</code>: Querying the map <code>t</code> at point <code>x</code>
+Ensures: - The state does not change
+- If it returns <code>Some v</code>, then <code>t</code> will always contains <code>x -&gt; v</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lookup</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+       <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">y</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-en">h0</span><span class="pl-c1">==</span><span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+         <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span>
+         <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">y</span> <span class="pl-k">with</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">~(</span><span class="pl-en">defined</span> <span class="pl-en">t</span> <span class="pl-en">x</span> <span class="pl-en">h1</span><span class="pl-c1">)</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">v</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-en">contains</span> <span class="pl-en">t</span> <span class="pl-en">x</span> <span class="pl-en">v</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+            <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">t</span> <span class="pl-en">x</span> <span class="pl-en">v</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">forall_t</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pred</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-smi">DM.</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">repr</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">t</span><span class="pl-c1">))</span> <span class="pl-en">x</span><span class="pl-c1">)}</span>
+            <span class="pl-en">defined</span> <span class="pl-en">t</span> <span class="pl-en">x</span> <span class="pl-en">h</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">pred</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">f_opt</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">match</span> <span class="pl-en">y</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span>   <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mmap_f</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">map</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">m'</span><span class="pl-c1">:(</span><span class="pl-en">map</span> <span class="pl-en">a</span> <span class="pl-en">c</span><span class="pl-c1">){</span><span class="pl-en">repr</span> <span class="pl-en">m'</span> <span class="pl-c1">==</span> <span class="pl-smi">DM.</span><span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-en">f_opt</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">repr</span> <span class="pl-en">m</span><span class="pl-c1">)})</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map_f</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+          <span class="pl-c1">(#</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">inv'</span><span class="pl-c1">:</span><span class="pl-smi">DM.</span><span class="pl-en">t</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">opt</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">r</span> <span class="pl-c1">#</span><span class="pl-en">r'</span><span class="pl-c1">:</span><span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+      <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">r'</span> <span class="pl-en">a</span> <span class="pl-en">c</span> <span class="pl-en">inv'</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">inv'</span> <span class="pl-c1">(</span><span class="pl-smi">DM.</span><span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-en">f_opt</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">repr</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">m</span><span class="pl-c1">)))</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-en">r'</span><span class="pl-c1">)))</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">m'</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+                     <span class="pl-en">inv'</span> <span class="pl-c1">(</span><span class="pl-smi">DM.</span><span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-en">f_opt</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">repr</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">m</span><span class="pl-c1">)))</span> <span class="pl-c1">/\</span>  <span class="pl-c">//AR: surprised that even after the fix for #57, we need this repetetion from the requires clause</span>
+                     <span class="pl-en">ralloc_post</span> <span class="pl-en">r'</span> <span class="pl-c1">(</span><span class="pl-en">mmap_f</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-en">h0</span> <span class="pl-en">m'</span> <span class="pl-en">h1</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Monotonic.Heap.html b/docs/FStar.Monotonic.Heap.html
index be03f76..472ec6e 100644
--- a/docs/FStar.Monotonic.Heap.html
+++ b/docs/FStar.Monotonic.Heap.html
@@ -1,54 +1,347 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Monotonic.Heap</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.monotonic.heap">module FStar.Monotonic.Heap</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">* Untyped views <span class="kw">of</span> monotonic references </code></pre></div>
+<h1>
+<a id="user-content-fstarmonotonicheap" class="anchor" href="#fstarmonotonicheap" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Monotonic.Heap</h1>
+<ul>
+<li>
+<p>Aliases module <a href="FStar.Set.html"> FStar.Set</a> as <code>S  </code></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.TSet.html"> FStar.TSet</a> as <code>TS </code></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Preorder.html">FStar.Preorder</a></p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">set</span>  <span class="pl-c1">=</span> <span class="pl-smi">Set.</span><span class="pl-en">set</span>
+<span class="pl-k">let</span> <span class="pl-en">tset</span> <span class="pl-c1">=</span> <span class="pl-smi">TSet.</span><span class="pl-en">set</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">heap</span> <span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-c1">1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">equal</span><span class="pl-c1">:</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">equal_extensional</span> <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h2</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">h1</span> <span class="pl-c1">==</span> <span class="pl-en">h2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">emp</span> <span class="pl-c1">:</span><span class="pl-en">heap</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">next_addr</span><span class="pl-c1">:</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">pos</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">remove_unused_type_parameters</span> <span class="pl-c1">[</span><span class="pl-c1">1</span><span class="pl-c1">]]</span>
+<span class="pl-k">val</span> <span class="pl-en">mref</span> <span class="pl-c1">([</span>@@@ <span class="pl-en">strictly_positive</span><span class="pl-c1">]</span> <span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">([</span>@@@ <span class="pl-en">strictly_positive</span><span class="pl-c1">]</span> <span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">addr_of</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">pos</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_mm</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">bool</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">compare_addrs</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">addr_of</span> <span class="pl-en">r1</span> <span class="pl-c1">=</span> <span class="pl-en">addr_of</span> <span class="pl-en">r2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">contains</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">addr_unused_in</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">not_addr_unused_in_nullptr</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-en">addr_unused_in</span> <span class="pl-c1">0</span> <span class="pl-en">h</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unused_in</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fresh</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h0</span> <span class="pl-c1">/\</span> <span class="pl-en">h1</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">only_t</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">tset</span> <span class="pl-c1">nat)</span> <span class="pl-c1">=</span> <span class="pl-smi">TS.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">only</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">=</span> <span class="pl-smi">S.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">op_Hat_Plus_Plus</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">=</span> <span class="pl-smi">S.</span><span class="pl-en">union</span> <span class="pl-c1">(</span><span class="pl-en">only</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">s</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">op_Plus_Plus_Hat</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">=</span> <span class="pl-smi">S.</span><span class="pl-en">union</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">only</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">op_Hat_Plus_Hat</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">=</span> <span class="pl-smi">S.</span><span class="pl-en">union</span> <span class="pl-c1">(</span><span class="pl-en">only</span> <span class="pl-en">r1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">only</span> <span class="pl-en">r2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel_tot</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">upd_tot</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">heap</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">upd</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">heap</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">alloc</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mm</span><span class="pl-c1">:bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> * <span class="pl-en">heap</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">free_mm</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">r</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">heap</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies_t</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">tset</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span><span class="pl-c1">)}</span>
+                               <span class="pl-c1">((~</span> <span class="pl-c1">(</span><span class="pl-smi">TS.</span><span class="pl-en">mem</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span> <span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">h1</span> <span class="pl-en">r</span><span class="pl-c1">)}</span>
+                               <span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">h1</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h0</span><span class="pl-c1">)}</span>
+                               <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h0</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">.</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">`</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h0</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-en">n</span> <span class="pl-c1">`</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">n</span> <span class="pl-c1">`</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h0</span>
+  <span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">modifies_t</span> <span class="pl-c1">(</span><span class="pl-smi">TS.</span><span class="pl-en">tset_of_set</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">equal_dom</span> <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h2</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">).</span>
+     <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-en">h2</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)}</span>
+     <span class="pl-en">h1</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">h2</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">).</span>
+     <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h2</span><span class="pl-c1">)}</span>
+     <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h1</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_ref_unused_iff_addr_unused</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">addr_of</span> <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">)];</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">)]]]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_contains_implies_used</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">)))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)];</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">)]]]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_distinct_addrs_distinct_types</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r1</span> &lt;&gt; <span class="pl-en">addr_of</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_distinct_addrs_distinct_preorders</span> <span class="pl-c1">(</span><span class="pl-en">u</span><span class="pl-c1">:unit)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel1</span> <span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">).</span>
+            <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">)}</span>
+        <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">rel1</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">addr_of</span> <span class="pl-en">r1</span> &lt;&gt; <span class="pl-en">addr_of</span> <span class="pl-en">r2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_distinct_addrs_distinct_mm</span> <span class="pl-c1">(</span><span class="pl-en">u</span><span class="pl-c1">:unit)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">).</span>
+            <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">)}</span>
+        <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">r1</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">is_mm</span> <span class="pl-en">r2</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">addr_of</span> <span class="pl-en">r1</span> &lt;&gt; <span class="pl-en">addr_of</span> <span class="pl-en">r2</span><span class="pl-c1">)</span></pre></div>
+<ul>
+<li>AR: this is a bit surprising. i had to add ~ (r1 === r2) postcondition to make the lemma</li>
+<li>lemma_live_1 in hyperstack to go through. if addr_of r1 &lt;&gt; addr_of r2, shouldn't we get ~ (r1 === r2)</li>
+<li>automatically? should dig into smt encoding to figure.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_distinct_addrs_unused</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">r1</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-c1">~</span> <span class="pl-c1">(</span><span class="pl-en">r2</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r1</span> &lt;&gt; <span class="pl-en">addr_of</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-en">r1</span> <span class="pl-c1">===</span> <span class="pl-en">r2</span><span class="pl-c1">))))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r1</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r2</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_alloc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">mm</span><span class="pl-c1">:bool)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-en">alloc</span> <span class="pl-en">rel</span> <span class="pl-en">h0</span> <span class="pl-en">x</span> <span class="pl-en">mm</span> <span class="pl-k">in</span>
+                    <span class="pl-en">fresh</span> <span class="pl-en">r</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">h1</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-en">h0</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">mm</span> <span class="pl-c1">/\</span> <span class="pl-en">addr_of</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">next_addr</span> <span class="pl-en">h0</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">alloc</span> <span class="pl-en">rel</span> <span class="pl-en">h0</span> <span class="pl-en">x</span> <span class="pl-en">mm</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_free_mm_sel</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">{</span><span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">r1</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r2</span> &lt;&gt; <span class="pl-en">addr_of</span> <span class="pl-en">r1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">r2</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">free_mm</span> <span class="pl-en">h0</span> <span class="pl-en">r1</span><span class="pl-c1">)</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">free_mm</span> <span class="pl-en">h0</span> <span class="pl-en">r1</span><span class="pl-c1">)</span> <span class="pl-en">r2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_free_mm_contains</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">{</span><span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">r1</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-en">free_mm</span> <span class="pl-en">h0</span> <span class="pl-en">r1</span> <span class="pl-k">in</span>
+                <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r2</span> &lt;&gt; <span class="pl-en">addr_of</span> <span class="pl-en">r1</span> <span class="pl-c1">/\</span> <span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">h1</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">((</span><span class="pl-en">free_mm</span> <span class="pl-en">h0</span> <span class="pl-en">r1</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_free_mm_unused</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">{</span><span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">r1</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-en">free_mm</span> <span class="pl-en">h0</span> <span class="pl-en">r1</span> <span class="pl-k">in</span>
+                <span class="pl-c1">((</span><span class="pl-en">addr_of</span> <span class="pl-en">r1</span> <span class="pl-c1">=</span> <span class="pl-en">addr_of</span> <span class="pl-en">r2</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">r2</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h1</span><span class="pl-c1">)</span>      <span class="pl-c1">/\</span>
+             <span class="pl-c1">(</span><span class="pl-en">r2</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h0</span>       <span class="pl-c1">==&gt;</span> <span class="pl-en">r2</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h1</span><span class="pl-c1">)</span>      <span class="pl-c1">/\</span>
+             <span class="pl-c1">(</span><span class="pl-en">r2</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h1</span>       <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">r2</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h0</span> <span class="pl-c1">\/</span> <span class="pl-en">addr_of</span> <span class="pl-en">r2</span> <span class="pl-c1">=</span> <span class="pl-en">addr_of</span> <span class="pl-en">r1</span><span class="pl-c1">)))))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r2</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">free_mm</span> <span class="pl-en">h0</span> <span class="pl-en">r1</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_free_addr_unused_in</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">{</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">r</span> <span class="pl-c1">}</span> <span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">`</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">free_mm</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">n</span> &lt;&gt; <span class="pl-en">addr_of</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">`</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">`</span><span class="pl-en">addr_unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">free_mm</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">))]</span></pre></div>
+<ul>
+<li>AR: we can prove this lemma only if both the mreferences have same preorder</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_sel_same_addr</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span> <span class="pl-c1">/\</span> <span class="pl-en">addr_of</span> <span class="pl-en">r1</span> <span class="pl-c1">=</span> <span class="pl-en">addr_of</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">is_mm</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+       <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r2</span><span class="pl-c1">)];</span>
+           <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">)];</span>
+         <span class="pl-c1">]]</span></pre></div>
+<ul>
+<li>AR: this is true only if the preorder is same, else r2 may not be contained in h</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_sel_upd1</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r1</span> <span class="pl-c1">=</span> <span class="pl-en">addr_of</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">is_mm</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">r2</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">r2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_sel_upd2</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r1</span> &lt;&gt; <span class="pl-en">addr_of</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r2</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r1</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r2</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">r1</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mref_injectivity</span>
+  <span class="pl-c1">:(</span><span class="pl-en">u</span><span class="pl-c1">:unit{</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">).</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">~</span> <span class="pl-c1">(</span><span class="pl-en">eq3</span> <span class="pl-en">r1</span> <span class="pl-en">r2</span><span class="pl-c1">)})</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mref_injectivity_preorder</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:unit)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel2</span><span class="pl-c1">).</span> <span class="pl-en">rel1</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">rel2</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">~</span> <span class="pl-c1">(</span><span class="pl-en">eq3</span> <span class="pl-en">r1</span> <span class="pl-en">r2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_in_dom_emp</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">emp</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">emp</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_upd_contains</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">((</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">((</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_well_typed_upd_contains</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+                <span class="pl-en">h1</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">((</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_unused_upd_contains</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">r1</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+                <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span>  <span class="pl-c1">==&gt;</span> <span class="pl-en">h1</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+            <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span> <span class="pl-c1">\/</span> <span class="pl-en">addr_of</span> <span class="pl-en">r2</span> <span class="pl-c1">=</span> <span class="pl-en">addr_of</span> <span class="pl-en">r1</span><span class="pl-c1">))))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">((</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_upd_contains_different_addr</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">addr_of</span> <span class="pl-en">r1</span> &lt;&gt; <span class="pl-en">addr_of</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">((</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">((</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_upd_unused</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel1</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel2</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">((</span><span class="pl-en">addr_of</span> <span class="pl-en">r1</span> &lt;&gt; <span class="pl-en">addr_of</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">r2</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">r2</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r2</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_contains_upd_modifies</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_unused_upd_modifies</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">unused_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_sel_equals_sel_tot_for_contained_refs</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">sel_tot</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_upd_equals_upd_tot_for_contained_refs</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">upd_tot</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_modifies_and_equal_dom_sel_diff_addr</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">equal_dom</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">mem</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">))))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal_dom</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_heap_equality_upd_same_addr</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span> <span class="pl-en">r2</span><span class="pl-c1">:</span> <span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span> <span class="pl-c1">\/</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">addr_of</span> <span class="pl-en">r1</span> <span class="pl-c1">=</span> <span class="pl-en">addr_of</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">is_mm</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r2</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_heap_equality_cancel_same_mref_upd</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">r</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">y</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_heap_equality_upd_with_sel</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">h</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_heap_equality_commute_distinct_upds</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel_a</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel_b</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel_a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">b</span> <span class="pl-en">rel_b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r1</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">addr_of</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">r2</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r2</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">r1</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_next_addr_upd_tot</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-en">upd_tot</span> <span class="pl-en">h0</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-k">in</span> <span class="pl-en">next_addr</span> <span class="pl-en">h1</span> <span class="pl-c1">==</span> <span class="pl-en">next_addr</span> <span class="pl-en">h0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_next_addr_upd</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-en">upd</span> <span class="pl-en">h0</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-k">in</span> <span class="pl-en">next_addr</span> <span class="pl-en">h1</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">next_addr</span> <span class="pl-en">h0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_next_addr_alloc</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">mm</span><span class="pl-c1">:bool)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-en">alloc</span> <span class="pl-en">rel</span> <span class="pl-en">h0</span> <span class="pl-en">x</span> <span class="pl-en">mm</span> <span class="pl-k">in</span> <span class="pl-en">next_addr</span> <span class="pl-en">h1</span> &gt; <span class="pl-en">next_addr</span> <span class="pl-en">h0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_next_addr_free_mm</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">r</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-en">free_mm</span> <span class="pl-en">h0</span> <span class="pl-en">r</span> <span class="pl-k">in</span> <span class="pl-en">next_addr</span> <span class="pl-en">h1</span> <span class="pl-c1">==</span> <span class="pl-en">next_addr</span> <span class="pl-en">h0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_next_addr_contained_refs_addr</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">addr_of</span> <span class="pl-en">r</span> &lt; <span class="pl-en">next_addr</span> <span class="pl-en">h</span><span class="pl-c1">)</span></pre></div>
+<h3>
+<a id="user-content-untyped-views-of-monotonic-references" class="anchor" href="#untyped-views-of-monotonic-references" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Untyped views of monotonic references</h3>
+<p>Definition and ghost decidable equality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aref</span><span class="pl-c1">:</span> <span class="pl-c1">Type0</span>
+<span class="pl-k">val</span> <span class="pl-en">dummy_aref</span><span class="pl-c1">:</span> <span class="pl-en">aref</span>
+<span class="pl-k">val</span> <span class="pl-en">aref_equal</span> <span class="pl-c1">(</span><span class="pl-en">a1</span> <span class="pl-en">a2</span><span class="pl-c1">:</span> <span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Ghost</span> <span class="pl-c1">bool</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">a1</span> <span class="pl-c1">==</span> <span class="pl-en">a2</span><span class="pl-c1">))</span></pre></div>
+<p>Introduction rule</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aref_of</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-en">mref</span> <span class="pl-en">t</span> <span class="pl-en">rel</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">aref</span></pre></div>
+<p>Operators lifted from ref</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">addr_of_aref</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">aref</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">{</span> <span class="pl-en">n</span> &gt; <span class="pl-c1">0</span> <span class="pl-c1">}</span> <span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">addr_of_aref_of</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-en">mref</span> <span class="pl-en">t</span> <span class="pl-en">rel</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">addr_of_aref</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+<span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">addr_of_aref</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">))]</span>
+<span class="pl-k">val</span> <span class="pl-en">aref_is_mm</span><span class="pl-c1">:</span> <span class="pl-en">aref</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">bool</span>
+<span class="pl-k">val</span> <span class="pl-en">is_mm_aref_of</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-en">mref</span> <span class="pl-en">t</span> <span class="pl-en">rel</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">is_mm</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">aref_is_mm</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+<span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">aref_is_mm</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">))]</span>
+<span class="pl-k">val</span> <span class="pl-en">aref_unused_in</span><span class="pl-c1">:</span> <span class="pl-en">aref</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span>
+<span class="pl-k">val</span> <span class="pl-en">unused_in_aref_of</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-en">mref</span> <span class="pl-en">t</span> <span class="pl-en">rel</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">unused_in</span> <span class="pl-en">r</span> <span class="pl-en">h</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">aref_unused_in</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+<span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">aref_unused_in</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">h</span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">contains_aref_unused_in</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">aref</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span> <span class="pl-en">aref_unused_in</span> <span class="pl-en">y</span> <span class="pl-en">h</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">x</span> &lt;&gt; <span class="pl-en">addr_of_aref</span> <span class="pl-en">y</span><span class="pl-c1">))</span></pre></div>
+<p>Elimination rule</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aref_live_at</span><span class="pl-c1">:</span> <span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">aref</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span>
+<span class="pl-k">val</span> <span class="pl-en">gref_of</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">aref</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Ghost</span> <span class="pl-c1">(</span><span class="pl-en">mref</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+<span class="pl-k">val</span> <span class="pl-en">ref_of</span><span class="pl-c1">:</span> <span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">aref</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">mref</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span> <span class="pl-c1">/\</span> <span class="pl-en">addr_of</span> <span class="pl-c1">(</span><span class="pl-en">gref_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">addr_of</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">aref_is_mm</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+<span class="pl-k">val</span> <span class="pl-en">aref_live_at_aref_of</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-en">mref</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">t</span> <span class="pl-en">rel</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">contains_gref_of</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">aref</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">h'</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h'</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-en">h'</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h'</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">gref_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">gref_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))];</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)];</span>
+  <span class="pl-c1">]]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aref_of_gref_of</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">aref</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">aref_of</span> <span class="pl-c1">(</span><span class="pl-en">gref_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-c1">(</span><span class="pl-en">gref_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))]</span></pre></div>
+<p>Operators lowered to ref</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">addr_of_gref_of</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">aref</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">addr_of</span> <span class="pl-c1">(</span><span class="pl-en">gref_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">addr_of_aref</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-c1">(</span><span class="pl-en">gref_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_mm_gref_of</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">aref</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-c1">(</span><span class="pl-en">gref_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">aref_is_mm</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">is_mm</span> <span class="pl-c1">(</span><span class="pl-en">gref_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unused_in_gref_of</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">aref</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">unused_in</span> <span class="pl-c1">(</span><span class="pl-en">gref_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">aref_unused_in</span> <span class="pl-en">a</span> <span class="pl-en">h</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">unused_in</span> <span class="pl-c1">(</span><span class="pl-en">gref_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-en">h</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel_ref_of</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">aref</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h1</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span> <span class="pl-c1">/\</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span> <span class="pl-c1">/\</span> <span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-en">ref_of</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-en">gref_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-en">ref_of</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">upd_ref_of</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-en">aref</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h1</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span> <span class="pl-c1">/\</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span> <span class="pl-c1">/\</span> <span class="pl-en">upd</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-en">ref_of</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-en">gref_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-en">ref_of</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Monotonic.HyperHeap.html b/docs/FStar.Monotonic.HyperHeap.html
index dba9a44..91e430e 100644
--- a/docs/FStar.Monotonic.HyperHeap.html
+++ b/docs/FStar.Monotonic.HyperHeap.html
@@ -1,16 +1,152 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Monotonic.HyperHeap</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.monotonic.hyperheap">module FStar.Monotonic.HyperHeap</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarmonotonichyperheap" class="anchor" href="#fstarmonotonichyperheap" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Monotonic.HyperHeap</h1>
+<ul>
+<li>
+<p>Aliases module <a href="FStar.Set.html"> FStar.Set</a> as <code>Set </code></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.Map.html"> FStar.Map</a> as <code>Map </code></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Monotonic.Heap.html">FStar.Monotonic.Heap</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Ghost.html">FStar.Ghost</a></p>
+</li>
+<li>
+<p>This module provides the map view of the memory and associated functions and lemmas</p>
+</li>
+<li>
+<p>The intention of this module is for it to be included in HyperStack</p>
+</li>
+<li>
+<p>Clients should not open/know about HyperHeap, they should work only with HyperStack</p>
+</li>
+<li>
+<p>AR: mark it must_erase_for_extraction temporarily until CMI comes in</p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">must_erase_for_extraction</span><span class="pl-c1">]</span>
+<span class="pl-k">val</span> <span class="pl-en">rid</span> <span class="pl-c1">:eqtype</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-c1">(int</span> * <span class="pl-c1">int))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">color</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">int</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rid_freeable</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">bool</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">hmap</span> <span class="pl-c1">=</span> <span class="pl-smi">Map.</span><span class="pl-en">t</span> <span class="pl-en">rid</span> <span class="pl-en">heap</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">root</span> <span class="pl-c1">:</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">color</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">rid_freeable</span> <span class="pl-en">r</span><span class="pl-c1">)}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">root_has_color_zero</span> <span class="pl-c1">(</span><span class="pl-en">u</span><span class="pl-c1">:unit)</span> <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">color</span> <span class="pl-en">root</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">root_is_not_freeable</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:unit)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">rid_freeable</span> <span class="pl-en">root</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">rid_length</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">nat</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">rid_tail</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">rid_length</span> <span class="pl-en">r</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span><span class="pl-en">rid</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">includes</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">bool</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">r2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">disjoint</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">j</span> <span class="pl-en">i</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_disjoint_includes</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span>  <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">includes</span> <span class="pl-en">j</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>   <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">i</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">k</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">j</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">extends</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">bool</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">parent</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">r</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">root</span><span class="pl-c1">})</span> <span class="pl-c1">:</span><span class="pl-en">rid</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_includes_refl</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">i</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">i</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_extends_includes</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">extends</span> <span class="pl-en">j</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">not</span><span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">j</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">extends</span> <span class="pl-en">j</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_includes_anti_symmetric</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">i</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">j</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">j</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_extends_disjoint</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">extends</span> <span class="pl-en">j</span> <span class="pl-en">i</span> <span class="pl-c1">/\</span> <span class="pl-en">extends</span> <span class="pl-en">k</span> <span class="pl-en">i</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">j</span> <span class="pl-en">k</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_extends_parent</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">i</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">root</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">extends</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">parent</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">parent</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_extends_not_root</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">extends</span> <span class="pl-en">j</span> <span class="pl-en">i</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">root</span><span class="pl-c1">)</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">extends</span> <span class="pl-en">j</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_extends_only_parent</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">extends</span> <span class="pl-en">j</span> <span class="pl-en">i</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">parent</span> <span class="pl-en">j</span><span class="pl-c1">)</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">extends</span> <span class="pl-en">j</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mod_set</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:(</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span>
+<span class="pl-k">assume</span> <span class="pl-c1">Mod_set_def</span><span class="pl-c1">:</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">).</span> <span class="pl-c1">{:pattern</span> <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">mod_set</span> <span class="pl-en">s</span><span class="pl-c1">)}</span>
+                    <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">mod_set</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">).</span> <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span> <span class="pl-en">includes</span> <span class="pl-en">y</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">Map.</span><span class="pl-en">equal</span> <span class="pl-en">m1</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">concat</span> <span class="pl-en">m1</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">restrict</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">complement</span> <span class="pl-c1">(</span><span class="pl-en">mod_set</span> <span class="pl-en">s</span><span class="pl-c1">))</span> <span class="pl-en">m0</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span>
+  <span class="pl-smi">Set.</span><span class="pl-en">subset</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-en">m0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-en">m1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies_just</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">Map.</span><span class="pl-en">equal</span> <span class="pl-en">m1</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">concat</span> <span class="pl-en">m1</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">restrict</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">complement</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">m0</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span>
+  <span class="pl-smi">Set.</span><span class="pl-en">subset</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-en">m0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-en">m1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies_one</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">modifies_just</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">equal_on</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+ <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">).</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span> <span class="pl-en">m0</span> <span class="pl-en">r</span><span class="pl-c1">)}</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">mod_set</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-smi">Map.</span><span class="pl-en">contains</span> <span class="pl-en">m0</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-smi">Map.</span><span class="pl-en">contains</span> <span class="pl-en">m1</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+ <span class="pl-smi">Map.</span><span class="pl-en">equal</span> <span class="pl-en">m1</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">concat</span> <span class="pl-en">m1</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">restrict</span> <span class="pl-c1">(</span><span class="pl-en">mod_set</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">m0</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_modifies_just_trans</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m3</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies_just</span> <span class="pl-en">s1</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span> <span class="pl-c1">/\</span> <span class="pl-en">modifies_just</span> <span class="pl-en">s2</span> <span class="pl-en">m2</span> <span class="pl-en">m3</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">modifies_just</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">m1</span> <span class="pl-en">m3</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_modifies_trans</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m3</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s1</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span> <span class="pl-c1">/\</span> <span class="pl-en">modifies</span> <span class="pl-en">s2</span> <span class="pl-en">m2</span> <span class="pl-en">m3</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">m1</span> <span class="pl-en">m3</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_includes_trans</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span>  <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">includes</span> <span class="pl-en">j</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>   <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">i</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">j</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_modset</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">j</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">subset</span> <span class="pl-c1">(</span><span class="pl-en">mod_set</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">i</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">mod_set</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">j</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_modifies_includes</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span> <span class="pl-c1">/\</span> <span class="pl-en">includes</span> <span class="pl-en">j</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_modifies_includes2</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s1</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span>  <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-en">s2</span> <span class="pl-c1">/\</span> <span class="pl-en">includes</span> <span class="pl-en">y</span> <span class="pl-en">x</span><span class="pl-c1">))))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-en">s2</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_disjoint_parents</span> <span class="pl-c1">(</span><span class="pl-en">pr</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ps</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">extends</span><span class="pl-c1">`</span> <span class="pl-en">pr</span> <span class="pl-c1">/\</span> <span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">extends</span><span class="pl-c1">`</span> <span class="pl-en">ps</span> <span class="pl-c1">/\</span> <span class="pl-en">disjoint</span> <span class="pl-en">pr</span> <span class="pl-en">ps</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">r</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">extends</span> <span class="pl-en">r</span> <span class="pl-en">pr</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">extends</span> <span class="pl-en">s</span> <span class="pl-en">ps</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">pr</span> <span class="pl-en">ps</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_include_cons</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">includes</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">root</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">disjoint_regions</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+     <span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-en">s2</span><span class="pl-c1">)}</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">/\</span> <span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">disjoint</span> <span class="pl-en">x</span> <span class="pl-en">y</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">extends_parent</span> <span class="pl-c1">(</span><span class="pl-en">tip</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">tip</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">root</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">extends</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">parent</span> <span class="pl-en">tip</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">r</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">tip</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">disjoint</span> <span class="pl-en">r</span> <span class="pl-en">tip</span> <span class="pl-c1">\/</span> <span class="pl-en">extends</span> <span class="pl-en">r</span> <span class="pl-en">tip</span><span class="pl-c1">)</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">extends</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">parent</span> <span class="pl-en">tip</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">includes_child</span> <span class="pl-c1">(</span><span class="pl-en">tip</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">tip</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">root</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">r</span> <span class="pl-en">tip</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">tip</span> <span class="pl-c1">\/</span> <span class="pl-en">includes</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">parent</span> <span class="pl-en">tip</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">parent</span> <span class="pl-en">tip</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">root_is_root</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">s</span> <span class="pl-en">root</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">root</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">includes</span> <span class="pl-en">s</span> <span class="pl-en">root</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">extend_post</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">freeable</span><span class="pl-c1">:bool)</span> <span class="pl-c1">:</span> <span class="pl-en">pure_post</span> <span class="pl-en">rid</span> <span class="pl-c1">=</span>
+  <span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">extends</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+  <span class="pl-c1">Cons</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+  <span class="pl-c1">Cons</span><span class="pl-c1">?.</span><span class="pl-en">hd</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">,</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+  <span class="pl-en">color</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">c</span> <span class="pl-c1">/\</span>
+  <span class="pl-en">rid_freeable</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">freeable</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">extend</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:int)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">rid</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">extend_post</span> <span class="pl-en">r</span> <span class="pl-en">n</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">rid_freeable</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">extend_monochrome_freeable</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">freeable</span><span class="pl-c1">:bool)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">rid</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">extend_post</span> <span class="pl-en">r</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">color</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">freeable</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">extend_monochrome</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:int)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">rid</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">extend_post</span> <span class="pl-en">r</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">color</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">rid_freeable</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Monotonic.HyperStack.html b/docs/FStar.Monotonic.HyperStack.html
index 52eedb6..04a36a2 100644
--- a/docs/FStar.Monotonic.HyperStack.html
+++ b/docs/FStar.Monotonic.HyperStack.html
@@ -1,65 +1,514 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Monotonic.HyperStack</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.monotonic.hyperstack">module FStar.Monotonic.HyperStack</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** Some predicates *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** Mem definition *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** Lemmas about mem <span class="kw">and</span> predicates *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">***** map_invariant related lemmas *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** downward_closed related lemmas ******</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** tip_top related lemmas *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** rid_ctr_pred related lemmas *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** Operations on mem *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** The following two lemmas are only used <span class="kw">in</span> FStar<span class="kw">.</span>Pointer<span class="kw">.</span>Base, <span class="kw">and</span> invoked explicitly *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** API <span class="kw">for</span> generating modifies clauses <span class="kw">in</span> the old style, should <span class="kw">use</span> <span class="kw">new</span> modifies clauses now *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">**** Lemmas about equality <span class="kw">of</span> mem *****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">* Untyped views <span class="kw">of</span> references </code></pre></div>
+<h1>
+<a id="user-content-fstarmonotonichyperstack" class="anchor" href="#fstarmonotonichyperstack" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Monotonic.HyperStack</h1>
+<ul>
+<li>
+<p>Opens module <a href="FStar.Preorder.html">FStar.Preorder</a></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.Map.html"> FStar.Map</a> as <code>Map </code></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Monotonic.HyperHeap.html">FStar.Monotonic.HyperHeap</a></p>
+</li>
+</ul>
+<p>***** Some predicates *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">is_in</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_stack_region</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">color</span> <span class="pl-en">r</span> &gt; <span class="pl-c1">0</span>
+<span class="pl-k">let</span> <span class="pl-en">is_heap_color</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">c</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>FStar.HyperStack.ST.is_eternal_region<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">is_eternal_region</span> <span class="pl-en">r</span>  <span class="pl-c1">=</span> <span class="pl-en">is_heap_color</span> <span class="pl-c1">(</span><span class="pl-en">color</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">rid_freeable</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">is_eternal_region_hs</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">is_heap_color</span> <span class="pl-c1">(</span><span class="pl-en">color</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">rid_freeable</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">sid</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">is_stack_region</span> <span class="pl-en">r</span><span class="pl-c1">}</span> <span class="pl-c">//stack region ids</span></pre></div>
+<ul>
+<li>AR: marking these unfolds, else I think there are pattern firing issues depending on which one we use</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">is_above</span> <span class="pl-en">r1</span> <span class="pl-en">r2</span>          <span class="pl-c1">=</span> <span class="pl-en">r1</span> <span class="pl-c1">`</span><span class="pl-en">includes</span><span class="pl-c1">`</span> <span class="pl-en">r2</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">is_just_below</span> <span class="pl-en">r1</span> <span class="pl-en">r2</span>     <span class="pl-c1">=</span> <span class="pl-en">r1</span> <span class="pl-c1">`</span><span class="pl-en">extends</span><span class="pl-c1">`</span>  <span class="pl-en">r2</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">is_below</span> <span class="pl-en">r1</span> <span class="pl-en">r2</span>          <span class="pl-c1">=</span> <span class="pl-en">r2</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">r1</span>
+<span class="pl-k">let</span> <span class="pl-en">is_strictly_below</span> <span class="pl-en">r1</span> <span class="pl-en">r2</span> <span class="pl-c1">=</span> <span class="pl-en">r1</span> <span class="pl-c1">`</span><span class="pl-en">is_below</span><span class="pl-c1">`</span> <span class="pl-en">r2</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">r1</span> &lt;&gt; <span class="pl-en">r2</span>
+<span class="pl-k">let</span> <span class="pl-en">is_strictly_above</span> <span class="pl-en">r1</span> <span class="pl-en">r2</span> <span class="pl-c1">=</span> <span class="pl-en">r1</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">r2</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">r1</span> &lt;&gt; <span class="pl-en">r2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span> <span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">map_invariant_predicate</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-en">r</span><span class="pl-c1">.</span> <span class="pl-smi">Map.</span><span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span>
+      <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">s</span><span class="pl-c1">.</span> <span class="pl-en">includes</span> <span class="pl-en">s</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span> <span class="pl-smi">Map.</span><span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span> <span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">downward_closed_predicate</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">).</span> <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span>  <span class="pl-c">//for any region in the memory</span>
+        <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">=</span><span class="pl-en">root</span>    <span class="pl-c">//either is the root</span>
+            <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">).</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">s</span>  <span class="pl-c">//or, any region beneath it</span>
+                           <span class="pl-c1">/\</span> <span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">)</span>   <span class="pl-c">//that is also in the memory</span>
+                     <span class="pl-c1">==&gt;</span> <span class="pl-c1">((</span><span class="pl-en">is_stack_region</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">is_stack_region</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>  <span class="pl-c">//must be of the same flavor as itself</span>
+                          <span class="pl-c1">((</span><span class="pl-en">is_heap_color</span> <span class="pl-c1">(</span><span class="pl-en">color</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">rid_freeable</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">r</span><span class="pl-c1">))))</span> <span class="pl-c">//and if r is a freeable heap region, s can only be r (no regions strictly below r)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span> <span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">tip_top_predicate</span> <span class="pl-c1">(</span><span class="pl-en">tip</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">sid</span><span class="pl-c1">).</span> <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">tip</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">rid_last_component</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">int</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-k">open</span> <span class="pl-smi">FStar.List.Tot</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">reveal</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+    <span class="pl-k">if</span> <span class="pl-en">length</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">0</span>
+    <span class="pl-k">else</span> <span class="pl-en">snd</span> <span class="pl-c1">(</span><span class="pl-en">hd</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span> <span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">rid_ctr_pred_predicate</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:int)</span> <span class="pl-c1">:Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">).</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">rid_last_component</span> <span class="pl-en">r</span> &lt; <span class="pl-en">n</span></pre></div>
+<p>***** Mem definition *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">remove_unused_type_parameters</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">val</span> <span class="pl-en">map_invariant</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span>  <span class="pl-c">//all regions above a contained region are contained</span>
+<span class="pl-c1">[</span>@@ <span class="pl-en">remove_unused_type_parameters</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">val</span> <span class="pl-en">downward_closed</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span>  <span class="pl-c">//regions below a non-root region are of the same color</span>
+<span class="pl-c1">[</span>@@ <span class="pl-en">remove_unused_type_parameters</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">;</span><span class="pl-c1">1</span><span class="pl-c1">]]</span>
+<span class="pl-k">val</span> <span class="pl-en">tip_top</span> <span class="pl-c1">(</span><span class="pl-en">tip</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span>  <span class="pl-c">//all contained stack regions are above tip</span>
+<span class="pl-c1">[</span>@@ <span class="pl-en">remove_unused_type_parameters</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">;</span><span class="pl-c1">1</span><span class="pl-c1">]]</span>
+<span class="pl-k">val</span> <span class="pl-en">rid_ctr_pred</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:int)</span> <span class="pl-c1">:Type0</span>  <span class="pl-c">//all live regions have last component less than the rid_ctr</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_tip</span> <span class="pl-c1">(</span><span class="pl-en">tip</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-en">is_stack_region</span> <span class="pl-en">tip</span> <span class="pl-c1">\/</span> <span class="pl-en">tip</span> <span class="pl-c1">=</span> <span class="pl-en">root</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>  <span class="pl-c">//the tip is a stack region, or the root</span>
+  <span class="pl-en">tip</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span>                      <span class="pl-c1">/\</span>   <span class="pl-c">//the tip is live</span>
+  <span class="pl-en">tip_top</span> <span class="pl-en">tip</span> <span class="pl-en">h</span>                          <span class="pl-c">//any other sid activation is a above (or equal to) the tip</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_wf_with_ctr_and_tip</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ctr</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">tip</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">rid_freeable</span> <span class="pl-en">root</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">root</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">tip</span> <span class="pl-c1">`</span><span class="pl-en">is_tip</span><span class="pl-c1">`</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">map_invariant</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">downward_closed</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">rid_ctr_pred</span> <span class="pl-en">h</span> <span class="pl-en">ctr</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">mem'</span> <span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-c1">1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">mk_mem</span> <span class="pl-c1">(</span><span class="pl-en">rid_ctr</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tip</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-en">mem'</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">get_hmap</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem'</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-en">hmap</span>
+<span class="pl-k">val</span> <span class="pl-en">get_rid_ctr</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem'</span><span class="pl-c1">)</span> <span class="pl-c1">:int</span>
+<span class="pl-k">val</span> <span class="pl-en">get_tip</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem'</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-en">rid</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">lemma_mk_mem'_projectors</span> <span class="pl-c1">(</span><span class="pl-en">rid_ctr</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tip</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">m</span> <span class="pl-c1">=</span> <span class="pl-en">mk_mem</span> <span class="pl-en">rid_ctr</span> <span class="pl-en">h</span> <span class="pl-en">tip</span> <span class="pl-k">in</span>
+                <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">==</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-en">get_rid_ctr</span> <span class="pl-en">m</span> <span class="pl-c1">==</span> <span class="pl-en">rid_ctr</span> <span class="pl-c1">/\</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span> <span class="pl-c1">==</span> <span class="pl-en">tip</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-c1">(</span><span class="pl-en">mk_mem</span> <span class="pl-en">rid_ctr</span> <span class="pl-en">h</span> <span class="pl-en">tip</span><span class="pl-c1">))];</span>
+                <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">get_rid_ctr</span> <span class="pl-c1">(</span><span class="pl-en">mk_mem</span> <span class="pl-en">rid_ctr</span> <span class="pl-en">h</span> <span class="pl-en">tip</span><span class="pl-c1">))];</span>
+            <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-c1">(</span><span class="pl-en">mk_mem</span> <span class="pl-en">rid_ctr</span> <span class="pl-en">h</span> <span class="pl-en">tip</span><span class="pl-c1">))]</span>
+            <span class="pl-c1">]]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">mem</span> <span class="pl-c1">:Type</span> <span class="pl-c1">=</span> <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem'</span><span class="pl-c1">{</span><span class="pl-en">is_wf_with_ctr_and_tip</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">get_rid_ctr</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">}</span></pre></div>
+<p>***** Lemmas about mem and predicates *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">lemma_mem_projectors_are_in_wf_relation</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">is_wf_with_ctr_and_tip</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">get_rid_ctr</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">m</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">lemma_is_wf_ctr_and_tip_intro</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">hmap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ctr</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">tip</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">root</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">is_stack_region</span> <span class="pl-en">tip</span> <span class="pl-c1">\/</span> <span class="pl-en">tip</span> <span class="pl-c1">=</span> <span class="pl-en">root</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>  <span class="pl-en">tip</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span>
+                    <span class="pl-en">tip_top_predicate</span> <span class="pl-en">tip</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-en">map_invariant_predicate</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span>
+                    <span class="pl-en">downward_closed_predicate</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-en">rid_ctr_pred_predicate</span> <span class="pl-en">h</span> <span class="pl-en">ctr</span><span class="pl-c1">))</span>
+     <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">is_wf_with_ctr_and_tip</span> <span class="pl-en">h</span> <span class="pl-en">ctr</span> <span class="pl-en">tip</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">lemma_is_wf_ctr_and_tip_elim</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">rid_ctr</span><span class="pl-c1">,</span> <span class="pl-en">tip</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_rid_ctr</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span> <span class="pl-k">in</span>
+          <span class="pl-c1">(</span><span class="pl-en">root</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">is_stack_region</span> <span class="pl-en">tip</span> <span class="pl-c1">\/</span> <span class="pl-en">tip</span> <span class="pl-c1">=</span> <span class="pl-en">root</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>  <span class="pl-en">tip</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span>
+       <span class="pl-en">tip_top_predicate</span> <span class="pl-en">tip</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-en">map_invariant_predicate</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span>
+           <span class="pl-en">downward_closed_predicate</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-en">rid_ctr_pred_predicate</span> <span class="pl-en">h</span> <span class="pl-en">rid_ctr</span><span class="pl-c1">))</span></pre></div>
+<p>****** map_invariant related lemmas *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_map_invariant</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">/\</span> <span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">)]</span></pre></div>
+<p>***** downward_closed related lemmas ******</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_downward_closed</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">s</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">root</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">/\</span> <span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">is_heap_color</span> <span class="pl-c1">(</span><span class="pl-en">color</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">is_heap_color</span> <span class="pl-c1">(</span><span class="pl-en">color</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                <span class="pl-en">is_stack_region</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">is_stack_region</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">is_heap_color</span> <span class="pl-c1">(</span><span class="pl-en">color</span> <span class="pl-en">s</span><span class="pl-c1">))];</span>
+                    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">is_stack_region</span> <span class="pl-en">s</span><span class="pl-c1">)]</span>
+                    <span class="pl-c1">]]</span></pre></div>
+<p>***** tip_top related lemmas *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_tip_top</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">sid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span><span class="pl-c1">)</span></pre></div>
+<ul>
+<li>Pointer uses lemma_tip_top by calling it explicitly with Classical.forall_intro2</li>
+<li>Classical.forall_intro2 does not work well with SMTPat</li>
+<li>So adding this smt form of the same lemma</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_tip_top_smt</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">is_stack_region</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">is_stack_region</span> <span class="pl-en">r</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span><span class="pl-c1">)];</span>
+                    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">is_stack_region</span> <span class="pl-en">r</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">)]]]</span></pre></div>
+<p>***** rid_ctr_pred related lemmas *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_rid_ctr_pred</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:unit)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">)}</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">rid_last_component</span> <span class="pl-en">r</span> &lt; <span class="pl-en">get_rid_ctr</span> <span class="pl-en">m</span><span class="pl-c1">)</span></pre></div>
+<hr>
+<p>***** Operations on mem *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">empty_mem</span> <span class="pl-c1">:</span> <span class="pl-en">mem</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">empty_map</span> <span class="pl-c1">=</span> <span class="pl-smi">Map.</span><span class="pl-en">restrict</span> <span class="pl-smi">Set.</span><span class="pl-en">empty</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">const</span> <span class="pl-smi">Heap.</span><span class="pl-en">emp</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">h</span> <span class="pl-c1">=</span> <span class="pl-smi">Map.</span><span class="pl-en">upd</span> <span class="pl-en">empty_map</span> <span class="pl-en">root</span> <span class="pl-smi">Heap.</span><span class="pl-en">emp</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">tip</span> <span class="pl-c1">=</span> <span class="pl-en">root</span> <span class="pl-k">in</span>
+  <span class="pl-k">assume</span> <span class="pl-c1">(</span><span class="pl-en">rid_last_component</span> <span class="pl-en">root</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">);</span>
+  <span class="pl-en">lemma_is_wf_ctr_and_tip_intro</span> <span class="pl-en">h</span> <span class="pl-c1">1</span> <span class="pl-en">tip</span><span class="pl-c1">;</span>
+  <span class="pl-en">mk_mem</span> <span class="pl-c1">1</span> <span class="pl-en">h</span> <span class="pl-en">tip</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">heap_region_does_not_overlap_with_tip</span>
+  <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">is_heap_color</span> <span class="pl-c1">(</span><span class="pl-en">color</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">m</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span> <span class="pl-en">r</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">root</span> <span class="pl-c1">/\</span> <span class="pl-en">is_stack_region</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">m</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">root_has_color_zero</span><span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">poppable</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">root</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">remove_elt</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-smi">Set.</span><span class="pl-en">intersect</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">complement</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">popped</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">poppable</span> <span class="pl-en">m0</span> <span class="pl-c1">/\</span>
+  <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">h0</span><span class="pl-c1">,</span> <span class="pl-en">tip0</span><span class="pl-c1">,</span> <span class="pl-en">h1</span><span class="pl-c1">,</span> <span class="pl-en">tip1</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m0</span><span class="pl-c1">,</span> <span class="pl-en">get_tip</span> <span class="pl-en">m0</span><span class="pl-c1">,</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m1</span><span class="pl-c1">,</span> <span class="pl-en">get_tip</span> <span class="pl-en">m1</span> <span class="pl-k">in</span>
+   <span class="pl-c1">(</span><span class="pl-en">parent</span> <span class="pl-en">tip0</span> <span class="pl-c1">=</span> <span class="pl-en">tip1</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">Set.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">remove_elt</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-en">h0</span><span class="pl-c1">)</span> <span class="pl-en">tip0</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-smi">Map.</span><span class="pl-en">equal</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">restrict</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-en">h0</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">pop</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">{</span><span class="pl-en">poppable</span> <span class="pl-en">m0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">h0</span><span class="pl-c1">,</span> <span class="pl-en">tip0</span><span class="pl-c1">,</span> <span class="pl-en">rid_ctr0</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m0</span><span class="pl-c1">,</span> <span class="pl-en">get_tip</span> <span class="pl-en">m0</span><span class="pl-c1">,</span> <span class="pl-en">get_rid_ctr</span> <span class="pl-en">m0</span> <span class="pl-k">in</span>
+  <span class="pl-en">root_has_color_zero</span><span class="pl-c1">();</span>
+  <span class="pl-en">lemma_is_wf_ctr_and_tip_elim</span> <span class="pl-en">m0</span><span class="pl-c1">;</span>
+  <span class="pl-k">let</span> <span class="pl-en">dom</span> <span class="pl-c1">=</span> <span class="pl-en">remove_elt</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-en">h0</span><span class="pl-c1">)</span> <span class="pl-en">tip0</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-smi">Map.</span><span class="pl-en">restrict</span> <span class="pl-en">dom</span> <span class="pl-en">h0</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">tip1</span> <span class="pl-c1">=</span> <span class="pl-en">parent</span> <span class="pl-en">tip0</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_is_wf_ctr_and_tip_intro</span> <span class="pl-en">h1</span> <span class="pl-en">rid_ctr0</span> <span class="pl-en">tip1</span><span class="pl-c1">;</span>
+  <span class="pl-en">mk_mem</span> <span class="pl-en">rid_ctr0</span> <span class="pl-en">h1</span> <span class="pl-en">tip1</span></pre></div>
+<p>A (reference a) may reside in the stack or heap, and may be manually managed
+Mark it private so that clients can't use its projectors etc.
+enabling extraction of mreference to just a reference in ML and pointer in C
+note that this not enforcing any abstraction</p>
+<ul>
+<li>AR: 12/26: Defining it using Heap.mref directly, removing the HyperHeap.mref indirection</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">mreference'</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">MkRef</span> <span class="pl-c1">:</span> <span class="pl-en">frame</span><span class="pl-c1">:</span><span class="pl-en">rid</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">ref</span><span class="pl-c1">:</span><span class="pl-smi">Heap.</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mreference'</span> <span class="pl-en">a</span> <span class="pl-en">rel</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">=</span> <span class="pl-en">mreference'</span> <span class="pl-en">a</span> <span class="pl-en">rel</span></pre></div>
+<p>TODO: rename to frame_of, avoiding the inconsistent use of camelCase</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">frameOf</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-en">rid</span>
+  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">frame</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mk_mreference</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">id</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+                  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-smi">Heap.</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">MkRef</span> <span class="pl-en">id</span> <span class="pl-en">r</span></pre></div>
+<p>Hopefully we can get rid of this one</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">as_ref</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-smi">Heap.</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span></pre></div>
+<p>And make this one abstract</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">as_addr</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">pos</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">addr_of</span> <span class="pl-c1">(</span><span class="pl-en">as_ref</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_as_ref_inj</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mk_mreference</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">as_ref</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">as_ref</span> <span class="pl-en">r</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_mm</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">Heap.</span><span class="pl-en">is_mm</span> <span class="pl-c1">(</span><span class="pl-en">as_ref</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<p>Warning: all of the type aliases below get special support for KreMLin
+extraction. If you rename or add to this list,
+src/extraction/FStar.Extraction.Kremlin.fs needs to be updated.</p>
+<p>adding (not s.mm) to stackref and ref so as to keep their semantics as is</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mstackref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span> <span class="pl-en">is_stack_region</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">s</span><span class="pl-c1">)</span>  <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">is_mm</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span> <span class="pl-en">is_eternal_region_hs</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">is_mm</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mmmstackref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span> <span class="pl-en">is_stack_region</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">is_mm</span> <span class="pl-en">s</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mmmref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span> <span class="pl-en">is_eternal_region_hs</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">is_mm</span> <span class="pl-en">s</span> <span class="pl-c1">}</span></pre></div>
+<p>NS: Why do we need this one?</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">s_mref</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">frameOf</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">i</span><span class="pl-c1">}</span></pre></div>
+<ul>
+<li>AR: this used to be (is_eternal_region i / i <code>is_above</code> m.tip) /\ Map.contains ...</li>
+<li>
+<pre><code>As far as the memory model is concerned, this should just be Map.contains
+</code></pre>
+</li>
+<li>
+<pre><code>The fact that an eternal region is always contained (because of monotonicity) should be used in the ST interface
+</code></pre>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">live_region</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">:bool</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">i</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">contains</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">frameOf</span> <span class="pl-en">s</span> <span class="pl-k">in</span>
+  <span class="pl-en">live_region</span> <span class="pl-en">m</span> <span class="pl-en">i</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.StrongExcludedMiddle.</span><span class="pl-en">strong_excluded_middle</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">as_ref</span> <span class="pl-en">s</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">unused_in</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">h</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">frameOf</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+  <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">||</span>
+  <span class="pl-smi">FStar.StrongExcludedMiddle.</span><span class="pl-en">strong_excluded_middle</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">unused_in</span> <span class="pl-c1">(</span><span class="pl-en">as_ref</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">i</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">contains_ref_in_its_region</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">frameOf</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+  <span class="pl-smi">FStar.StrongExcludedMiddle.</span><span class="pl-en">strong_excluded_middle</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">as_ref</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fresh_ref</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">frameOf</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+  <span class="pl-smi">Heap.</span><span class="pl-en">fresh</span> <span class="pl-c1">(</span><span class="pl-en">as_ref</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m1</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">i</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fresh_region</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span> <span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m1</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">i</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">sel</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-en">a</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">s</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">as_ref</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">upd</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">live_region</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">s</span><span class="pl-c1">)})</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-en">mem</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">rid_ctr</span><span class="pl-c1">,</span> <span class="pl-en">tip</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_rid_ctr</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_is_wf_ctr_and_tip_elim</span> <span class="pl-en">m</span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">frameOf</span> <span class="pl-en">s</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">h</span> <span class="pl-c1">=</span> <span class="pl-smi">Map.</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-smi">Heap.</span><span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">as_ref</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_is_wf_ctr_and_tip_intro</span> <span class="pl-en">h</span> <span class="pl-en">rid_ctr</span> <span class="pl-en">tip</span><span class="pl-c1">;</span>
+    <span class="pl-en">mk_mem</span> <span class="pl-en">rid_ctr</span> <span class="pl-en">h</span> <span class="pl-en">tip</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">alloc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">id</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">mm</span><span class="pl-c1">:bool)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">{</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">id</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> * <span class="pl-en">mem</span><span class="pl-c1">){</span><span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">alloc</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">id</span><span class="pl-c1">)</span> <span class="pl-en">init</span> <span class="pl-en">mm</span> <span class="pl-k">in</span>
+                                   <span class="pl-en">as_ref</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+                                   <span class="pl-en">get_hmap</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">Map.</span><span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">id</span> <span class="pl-en">h</span><span class="pl-c1">})</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">rid_ctr</span><span class="pl-c1">,</span> <span class="pl-en">tip</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_rid_ctr</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_is_wf_ctr_and_tip_elim</span> <span class="pl-en">m</span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-en">id_h</span> <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">alloc</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">id</span><span class="pl-c1">)</span> <span class="pl-en">init</span> <span class="pl-en">mm</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">h</span> <span class="pl-c1">=</span> <span class="pl-smi">Map.</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">id</span> <span class="pl-en">id_h</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_is_wf_ctr_and_tip_intro</span> <span class="pl-en">h</span> <span class="pl-en">rid_ctr</span> <span class="pl-en">tip</span><span class="pl-c1">;</span>
+    <span class="pl-c1">(</span><span class="pl-en">mk_mreference</span> <span class="pl-en">id</span> <span class="pl-en">r</span><span class="pl-c1">),</span> <span class="pl-en">mk_mem</span> <span class="pl-en">rid_ctr</span> <span class="pl-en">h</span> <span class="pl-en">tip</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">free</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">is_mm</span> <span class="pl-en">r</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">{</span><span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Tot</span> <span class="pl-en">mem</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">rid_ctr</span><span class="pl-c1">,</span> <span class="pl-en">tip</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_rid_ctr</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_is_wf_ctr_and_tip_elim</span> <span class="pl-en">m</span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">frameOf</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">i_h</span> <span class="pl-c1">=</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">i</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">i_h</span> <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">free_mm</span> <span class="pl-en">i_h</span> <span class="pl-c1">(</span><span class="pl-en">as_ref</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">h</span> <span class="pl-c1">=</span> <span class="pl-smi">Map.</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">i</span> <span class="pl-en">i_h</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_is_wf_ctr_and_tip_intro</span> <span class="pl-en">h</span> <span class="pl-en">rid_ctr</span> <span class="pl-en">tip</span><span class="pl-c1">;</span>
+    <span class="pl-en">mk_mem</span> <span class="pl-en">rid_ctr</span> <span class="pl-en">h</span> <span class="pl-en">tip</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">upd_tot</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Tot</span> <span class="pl-en">mem</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">rid_ctr</span><span class="pl-c1">,</span> <span class="pl-en">tip</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_rid_ctr</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_is_wf_ctr_and_tip_elim</span> <span class="pl-en">m</span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">frameOf</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">i_h</span> <span class="pl-c1">=</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">i</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">i_h</span> <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">upd_tot</span> <span class="pl-en">i_h</span> <span class="pl-c1">(</span><span class="pl-en">as_ref</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">v</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">h</span> <span class="pl-c1">=</span> <span class="pl-smi">Map.</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">i</span> <span class="pl-en">i_h</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_is_wf_ctr_and_tip_intro</span> <span class="pl-en">h</span> <span class="pl-en">rid_ctr</span> <span class="pl-en">tip</span><span class="pl-c1">;</span>
+    <span class="pl-en">mk_mem</span> <span class="pl-en">rid_ctr</span> <span class="pl-en">h</span> <span class="pl-en">tip</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">sel_tot</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Tot</span> <span class="pl-en">a</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">sel_tot</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">as_ref</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fresh_frame</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">get_tip</span> <span class="pl-en">m1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+  <span class="pl-en">parent</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">m1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">get_tip</span> <span class="pl-en">m0</span>  <span class="pl-c1">/\</span>
+  <span class="pl-en">get_hmap</span> <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-smi">Map.</span><span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">m1</span><span class="pl-c1">)</span> <span class="pl-smi">Heap.</span><span class="pl-en">emp</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">hs_push_frame</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">m'</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">{</span><span class="pl-en">fresh_frame</span> <span class="pl-en">m</span> <span class="pl-en">m'</span><span class="pl-c1">})</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">rid_ctr</span><span class="pl-c1">,</span> <span class="pl-en">tip</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_rid_ctr</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_is_wf_ctr_and_tip_elim</span> <span class="pl-en">m</span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">new_tip_rid</span> <span class="pl-c1">=</span> <span class="pl-en">extend</span> <span class="pl-en">tip</span> <span class="pl-en">rid_ctr</span> <span class="pl-c1">1</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">h</span> <span class="pl-c1">=</span> <span class="pl-smi">Map.</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">new_tip_rid</span> <span class="pl-smi">Heap.</span><span class="pl-en">emp</span> <span class="pl-k">in</span>
+    <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">).</span> <span class="pl-c1">(</span><span class="pl-en">new_tip_rid</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span> <span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">new_tip_rid</span><span class="pl-c1">);</span>
+    <span class="pl-en">lemma_is_wf_ctr_and_tip_intro</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">rid_ctr</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">new_tip_rid</span><span class="pl-c1">;</span>
+    <span class="pl-en">mk_mem</span> <span class="pl-c1">(</span><span class="pl-en">rid_ctr</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">new_tip_rid</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">new_eternal_region</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">parent</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">is_eternal_region_hs</span> <span class="pl-en">parent</span> <span class="pl-c1">/\</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">parent</span><span class="pl-c1">})</span>
+                       <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">option</span> <span class="pl-c1">int{</span><span class="pl-c1">None</span><span class="pl-c1">?</span> <span class="pl-en">c</span> <span class="pl-c1">\/</span> <span class="pl-en">is_heap_color</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:(</span><span class="pl-en">rid</span> * <span class="pl-en">mem</span><span class="pl-c1">){</span><span class="pl-en">fresh_region</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-en">t</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">rid_ctr</span><span class="pl-c1">,</span> <span class="pl-en">tip</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_rid_ctr</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_is_wf_ctr_and_tip_elim</span> <span class="pl-en">m</span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">new_rid</span> <span class="pl-c1">=</span>
+      <span class="pl-k">if</span> <span class="pl-c1">None</span><span class="pl-c1">?</span> <span class="pl-en">c</span> <span class="pl-k">then</span> <span class="pl-en">extend_monochrome</span> <span class="pl-en">parent</span> <span class="pl-en">rid_ctr</span>
+      <span class="pl-k">else</span> <span class="pl-en">extend</span> <span class="pl-en">parent</span> <span class="pl-en">rid_ctr</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+    <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">h</span> <span class="pl-c1">=</span> <span class="pl-smi">Map.</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">new_rid</span> <span class="pl-smi">Heap.</span><span class="pl-en">emp</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_is_wf_ctr_and_tip_intro</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">rid_ctr</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">tip</span><span class="pl-c1">;</span>
+    <span class="pl-en">new_rid</span><span class="pl-c1">,</span> <span class="pl-en">mk_mem</span> <span class="pl-c1">(</span><span class="pl-en">rid_ctr</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">tip</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">new_freeable_heap_region</span>
+  <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">parent</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">is_eternal_region_hs</span> <span class="pl-en">parent</span> <span class="pl-c1">/\</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">parent</span><span class="pl-c1">})</span>
+<span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">:(</span><span class="pl-en">rid</span> * <span class="pl-en">mem</span><span class="pl-c1">){</span><span class="pl-en">fresh_region</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">rid_freeable</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">t</span><span class="pl-c1">)}</span>
+<span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">rid_ctr</span><span class="pl-c1">,</span> <span class="pl-en">tip</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_rid_ctr</span> <span class="pl-en">m</span><span class="pl-c1">,</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_is_wf_ctr_and_tip_elim</span> <span class="pl-en">m</span><span class="pl-c1">;</span>
+  <span class="pl-k">let</span> <span class="pl-en">new_rid</span> <span class="pl-c1">=</span> <span class="pl-en">extend_monochrome_freeable</span> <span class="pl-en">parent</span> <span class="pl-en">rid_ctr</span> <span class="pl-c1">true</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">h</span> <span class="pl-c1">=</span> <span class="pl-smi">Map.</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">new_rid</span> <span class="pl-smi">Heap.</span><span class="pl-en">emp</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_is_wf_ctr_and_tip_intro</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">rid_ctr</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">tip</span><span class="pl-c1">;</span>
+  <span class="pl-en">new_rid</span><span class="pl-c1">,</span> <span class="pl-en">mk_mem</span> <span class="pl-c1">(</span><span class="pl-en">rid_ctr</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-en">tip</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">free_heap_region</span>
+  <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span>
+    <span class="pl-en">is_heap_color</span> <span class="pl-c1">(</span><span class="pl-en">color</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">rid_freeable</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">get_hmap</span> <span class="pl-en">m0</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">})</span>
+<span class="pl-c1">:</span> <span class="pl-en">mem</span>
+<span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">h0</span><span class="pl-c1">,</span> <span class="pl-en">rid_ctr0</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m0</span><span class="pl-c1">,</span> <span class="pl-en">get_rid_ctr</span> <span class="pl-en">m0</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_is_wf_ctr_and_tip_elim</span> <span class="pl-en">m0</span><span class="pl-c1">;</span>
+  <span class="pl-k">let</span> <span class="pl-en">dom</span> <span class="pl-c1">=</span> <span class="pl-en">remove_elt</span> <span class="pl-c1">(</span><span class="pl-smi">Map.</span><span class="pl-en">domain</span> <span class="pl-en">h0</span><span class="pl-c1">)</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-smi">Map.</span><span class="pl-en">restrict</span> <span class="pl-en">dom</span> <span class="pl-en">h0</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_is_wf_ctr_and_tip_intro</span> <span class="pl-en">h1</span> <span class="pl-en">rid_ctr0</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">m0</span><span class="pl-c1">);</span>
+  <span class="pl-en">mk_mem</span> <span class="pl-c1">(</span><span class="pl-en">get_rid_ctr</span> <span class="pl-en">m0</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">m0</span><span class="pl-c1">)</span></pre></div>
+<p>***** The following two lemmas are only used in FStar.Pointer.Base, and invoked explicitly *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_sel_same_addr</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">frameOf</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span> <span class="pl-c1">/\</span> <span class="pl-en">as_addr</span> <span class="pl-en">r1</span> <span class="pl-c1">=</span> <span class="pl-en">as_addr</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">is_mm</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_upd_same_addr</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span> <span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">frameOf</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span> <span class="pl-c1">\/</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                    <span class="pl-en">as_addr</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">as_addr</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">is_mm</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r2</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<p>Two references with different reads are disjoint.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mreference_distinct_sel_disjoint</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel1</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel2</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span> <span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r1</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">frameOf</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">frameOf</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">as_addr</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">as_addr</span> <span class="pl-en">r2</span><span class="pl-c1">))</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r2</span><span class="pl-c1">))</span></pre></div>
+<ul>
+<li>AR: 12/26: modifies clauses</li>
+<li>
+<pre><code>       NOTE: the modifies clauses used to have a m0.tip == m1.tip conjunct too
+</code></pre>
+</li>
+<li>
+<pre><code>             which seemed a bit misplaced
+</code></pre>
+</li>
+<li>
+<pre><code>             removing that conjunct required very few changes (one in HACL), since ST effect gives it already
+</code></pre>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">modifies_just</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies_transitively</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Monotonic.HyperHeap.</span><span class="pl-en">modifies</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">heap_only</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">get_tip</span> <span class="pl-en">m0</span> <span class="pl-c1">==</span> <span class="pl-en">root</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">top_frame</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">modifies_drop_tip</span> <span class="pl-c1">(</span><span class="pl-en">m0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">fresh_frame</span> <span class="pl-en">m0</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span> <span class="pl-en">get_tip</span> <span class="pl-en">m1</span> <span class="pl-c1">==</span> <span class="pl-en">get_tip</span> <span class="pl-en">m2</span> <span class="pl-c1">/\</span>
+             <span class="pl-en">modifies_transitively</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">union</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">m1</span><span class="pl-c1">)))</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span> <span class="pl-c1">==&gt;</span>
+             <span class="pl-en">modifies_transitively</span> <span class="pl-en">s</span> <span class="pl-en">m0</span> <span class="pl-c1">(</span><span class="pl-en">pop</span> <span class="pl-en">m2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies_one</span> <span class="pl-en">id</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-en">modifies_one</span> <span class="pl-en">id</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">h0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">h1</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">modifies_ref</span> <span class="pl-c1">(</span><span class="pl-en">id</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">Heap.</span><span class="pl-en">modifies</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">id</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">h1</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">id</span><span class="pl-c1">)</span></pre></div>
+<p>***** API for generating modifies clauses in the old style, should use new modifies clauses now *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span> <span class="pl-k">type</span> <span class="pl-en">some_ref</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Ref</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">some_ref</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">some_refs</span> <span class="pl-c1">=</span> <span class="pl-en">list</span> <span class="pl-en">some_ref</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">regions_of_some_refs</span> <span class="pl-c1">(</span><span class="pl-en">rs</span><span class="pl-c1">:</span><span class="pl-en">some_refs</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">rs</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span>         <span class="pl-c1">-&gt;</span> <span class="pl-smi">Set.</span><span class="pl-en">empty</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-c1">Ref</span> <span class="pl-en">r</span><span class="pl-c1">)::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">Set.</span><span class="pl-en">union</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">regions_of_some_refs</span> <span class="pl-en">tl</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">refs_in_region</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">rs</span><span class="pl-c1">:</span><span class="pl-en">some_refs</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">rs</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span>         <span class="pl-c1">-&gt;</span> <span class="pl-smi">Set.</span><span class="pl-en">empty</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-c1">Ref</span> <span class="pl-en">x</span><span class="pl-c1">)::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-smi">Set.</span><span class="pl-en">union</span> <span class="pl-c1">(</span><span class="pl-k">if</span> <span class="pl-en">frameOf</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">r</span> <span class="pl-k">then</span> <span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-en">as_addr</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-k">else</span> <span class="pl-smi">Set.</span><span class="pl-en">empty</span><span class="pl-c1">)</span>
+              <span class="pl-c1">(</span><span class="pl-en">refs_in_region</span> <span class="pl-en">r</span> <span class="pl-en">tl</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">modifies_some_refs</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">some_refs</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">rs</span><span class="pl-c1">:</span><span class="pl-en">some_refs</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">i</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span>         <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-c1">Ref</span> <span class="pl-en">x</span><span class="pl-c1">)::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">modifies_ref</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">refs_in_region</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">rs</span><span class="pl-c1">)</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-en">modifies_some_refs</span> <span class="pl-en">tl</span> <span class="pl-en">rs</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span> <span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">norm_steps</span> <span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">norm_step</span> <span class="pl-c1">=</span></pre></div>
+<p>iota for reducing match</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span><span class="pl-en">iota</span><span class="pl-c1">;</span> <span class="pl-en">zeta</span><span class="pl-c1">;</span> <span class="pl-en">delta</span><span class="pl-c1">;</span> <span class="pl-en">delta_only</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar.Monotonic.HyperStack.regions_of_some_refs<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+                                <span class="pl-s"><span class="pl-pds">"</span>FStar.Monotonic.HyperStack.refs_in_region<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+                                <span class="pl-s"><span class="pl-pds">"</span>FStar.Monotonic.HyperStack.modifies_some_refs<span class="pl-pds">"</span></span><span class="pl-c1">];</span>
+ <span class="pl-en">primops</span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">mods</span> <span class="pl-c1">(</span><span class="pl-en">rs</span><span class="pl-c1">:</span><span class="pl-en">some_refs</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-en">norm</span> <span class="pl-en">norm_steps</span> <span class="pl-c1">(</span><span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">regions_of_some_refs</span> <span class="pl-en">rs</span><span class="pl-c1">)</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span>
+  <span class="pl-c1">(</span><span class="pl-en">norm</span> <span class="pl-en">norm_steps</span> <span class="pl-c1">(</span><span class="pl-en">modifies_some_refs</span> <span class="pl-en">rs</span> <span class="pl-en">rs</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span><span class="pl-c1">))</span></pre></div>
+<p>////</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">eternal_disjoint_from_tip</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">{</span><span class="pl-en">is_stack_region</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">h</span><span class="pl-c1">)})</span>
+                              <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">{</span><span class="pl-en">is_heap_color</span> <span class="pl-c1">(</span><span class="pl-en">color</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                                     <span class="pl-en">r</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">root</span> <span class="pl-c1">/\</span>
+                                     <span class="pl-en">r</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">h</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-c1">(</span><span class="pl-en">get_tip</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">above_tip_is_live</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">is_above</span><span class="pl-c1">`</span> <span class="pl-en">get_tip</span> <span class="pl-en">m</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">is_in</span><span class="pl-c1">`</span> <span class="pl-en">get_hmap</span> <span class="pl-en">m</span><span class="pl-c1">))</span></pre></div>
+<p>///</p>
+<p>***** Lemmas about equality of mem *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_heap_equality_cancel_same_mref_upd</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">r</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">y</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_heap_equality_upd_with_sel</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">h</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_heap_equality_commute_distinct_upds</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel_a</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">rel_b</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel_a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">b</span> <span class="pl-en">rel_b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">as_addr</span> <span class="pl-en">r1</span> <span class="pl-c1">=</span>!<span class="pl-c1">=</span> <span class="pl-en">as_addr</span> <span class="pl-en">r2</span> <span class="pl-c1">/\</span> <span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">r1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">live_region</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">r2</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r1</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">r2</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r2</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">r1</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_next_addr_contained_refs_addr</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:unit)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">).</span>
+            <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">as_addr</span> <span class="pl-en">r</span> &lt; <span class="pl-smi">Heap.</span><span class="pl-en">next_addr</span> <span class="pl-c1">(</span><span class="pl-en">get_hmap</span> <span class="pl-en">m</span> <span class="pl-c1">`</span><span class="pl-smi">Map.</span><span class="pl-en">sel</span><span class="pl-c1">`</span> <span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<h3>
+<a id="user-content-untyped-views-of-references" class="anchor" href="#untyped-views-of-references" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Untyped views of references</h3>
+<p>Definition and ghost decidable equality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aref</span><span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">dummy_aref</span> <span class="pl-c1">:</span><span class="pl-en">aref</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aref_equal</span> <span class="pl-c1">(</span><span class="pl-en">a1</span> <span class="pl-en">a2</span><span class="pl-c1">:</span> <span class="pl-en">aref</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Ghost</span> <span class="pl-c1">bool</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+              <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">a1</span> <span class="pl-c1">==</span> <span class="pl-en">a2</span><span class="pl-c1">))</span></pre></div>
+<p>Introduction rule</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aref_of</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-en">aref</span></pre></div>
+<p>Operators lifted from reference</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">frameOf_aref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-en">rid</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">frameOf_aref_of</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">frameOf_aref</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">frameOf</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">frameOf_aref</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aref_as_addr</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">pos</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aref_as_addr_aref_of</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">aref_as_addr</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">as_addr</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">aref_as_addr</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aref_is_mm</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">bool</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_mm_aref_of</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">aref_is_mm</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">is_mm</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">aref_is_mm</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">remove_unused_type_parameters</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">;</span><span class="pl-c1">1</span><span class="pl-c1">]]</span>
+<span class="pl-k">val</span> <span class="pl-en">aref_unused_in</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unused_in_aref_of</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">aref_unused_in</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">unused_in</span> <span class="pl-en">r</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">aref_unused_in</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">h</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">contains_aref_unused_in</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span> <span class="pl-en">aref_unused_in</span> <span class="pl-en">y</span> <span class="pl-en">h</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-en">x</span> &lt;&gt; <span class="pl-en">frameOf_aref</span> <span class="pl-en">y</span> <span class="pl-c1">\/</span> <span class="pl-en">as_addr</span> <span class="pl-en">x</span> &lt;&gt; <span class="pl-en">aref_as_addr</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">x</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">aref_unused_in</span> <span class="pl-en">y</span> <span class="pl-en">h</span><span class="pl-c1">)]</span></pre></div>
+<p>Elimination rule</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">remove_unused_type_parameters</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">;</span><span class="pl-c1">1</span><span class="pl-c1">;</span><span class="pl-c1">2</span><span class="pl-c1">;</span><span class="pl-c1">3</span><span class="pl-c1">]]</span>
+<span class="pl-k">val</span> <span class="pl-en">aref_live_at</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">greference_of</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">v</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Ghost</span> <span class="pl-c1">(</span><span class="pl-en">mreference</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+                            <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reference_of</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">v</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">mreference</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+                           <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span> <span class="pl-c1">/\</span> <span class="pl-en">frameOf</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">frameOf_aref</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span>
+                                <span class="pl-en">as_addr</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">aref_as_addr</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">aref_is_mm</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aref_live_at_aref_of</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mreference</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">t</span> <span class="pl-en">rel</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">contains_greference_of</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">h'</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h'</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-en">h'</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h'</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPatOr</span> <span class="pl-c1">[</span>
+             <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))];</span>
+             <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)];</span>
+         <span class="pl-c1">]]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aref_of_greference_of</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">v</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">h'</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h'</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-en">h'</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h'</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">aref_of</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">aref_of</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">))]</span></pre></div>
+<p>Operators lowered to rref</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">frameOf_greference_of</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">frameOf</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">frameOf_aref</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">frameOf</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">as_addr_greference_of</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">as_addr</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">aref_as_addr</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">as_addr</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_mm_greference_of</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">is_mm</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">aref_is_mm</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">is_mm</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unused_in_greference_of</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-en">h</span> <span class="pl-c1">.</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">unused_in</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">aref_unused_in</span> <span class="pl-en">a</span> <span class="pl-en">h</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">unused_in</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">t</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-en">h</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sel_reference_of</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span> <span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h1</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span> <span class="pl-c1">/\</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span> <span class="pl-c1">/\</span> <span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-en">reference_of</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-en">reference_of</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">upd_reference_of</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">aref</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">v</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h1</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span> <span class="pl-c1">/\</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">aref_live_at</span> <span class="pl-en">h1</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span> <span class="pl-c1">/\</span> <span class="pl-en">aref_live_at</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span> <span class="pl-c1">/\</span>
+                <span class="pl-en">upd</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-en">reference_of</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-en">greference_of</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">h1</span> <span class="pl-c1">(</span><span class="pl-en">reference_of</span> <span class="pl-en">h2</span> <span class="pl-en">a</span> <span class="pl-en">v</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Monotonic.Map.html b/docs/FStar.Monotonic.Map.html
index 4af9be7..80b2a1a 100644
--- a/docs/FStar.Monotonic.Map.html
+++ b/docs/FStar.Monotonic.Map.html
@@ -1,16 +1,114 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Monotonic.Map</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.monotonic.map">module FStar.Monotonic.Map</h1>
-<p>fsdoc: no-summary-found</p>
+<h1>
+<a id="user-content-fstarmonotonicmap" class="anchor" href="#fstarmonotonicmap" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Monotonic.Map</h1>
 <p>A library for monotonic references to partial, dependent maps, with a whole-map invariant</p>
+<ul>
+<li>
+<p>Opens module <a href="FStar.HyperStack.html">FStar.HyperStack</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.HyperStack.ST.html">FStar.HyperStack.ST</a></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.HyperStack.html"> FStar.HyperStack</a> as <code>HS  </code></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.HyperStack.ST.html"> FStar.HyperStack.ST</a> as <code>HST </code></p>
+</li>
+</ul>
+<p>Partial, dependent maps</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">map'</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)))</span></pre></div>
+<p>Partial, dependent maps, with a whole-map invariant</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">inv</span><span class="pl-c1">:</span><span class="pl-en">map'</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">map'</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">{</span><span class="pl-en">inv</span> <span class="pl-en">m</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">upd</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">map'</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">map'</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">z</span> <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-en">y</span> <span class="pl-k">else</span> <span class="pl-en">m</span> <span class="pl-en">z</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">sel</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">map'</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">m</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">grows_aux</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">inv</span> <span class="pl-c1">:</span><span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">map</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.{:pattern</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">m1</span> <span class="pl-en">x</span><span class="pl-c1">))}</span>
+      <span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">m1</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">m2</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">m1</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">m2</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">inv</span> <span class="pl-c1">=</span> <span class="pl-en">grows_aux</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">inv</span></pre></div>
+<p>Monotone, partial, dependent maps, with a whole-map invariant</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span> <span class="pl-c1">=</span> <span class="pl-en">m_rref</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span> <span class="pl-en">grows</span>  <span class="pl-c">//maybe grows can include the inv?</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">empty_map</span> <span class="pl-en">a</span> <span class="pl-en">b</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">map'</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">rid</span> <span class="pl-c1">=</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">alloc</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">inv</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span>
+       <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">inv</span> <span class="pl-c1">(</span><span class="pl-en">empty_map</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">x</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">inv</span> <span class="pl-c1">(</span><span class="pl-en">empty_map</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">ralloc_post</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">empty_map</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">h0</span> <span class="pl-en">x</span> <span class="pl-en">h1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">ralloc</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">empty_map</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">defined</span> <span class="pl-c1">#</span><span class="pl-en">r</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">inv</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">contains</span> <span class="pl-c1">#</span><span class="pl-en">r</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">inv</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">y</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">value</span> <span class="pl-c1">#</span><span class="pl-en">r</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">inv</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">{</span><span class="pl-en">defined</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-en">h</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">{</span><span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-en">r</span> <span class="pl-en">h</span><span class="pl-c1">})</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fresh</span> <span class="pl-c1">#</span><span class="pl-en">r</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">inv</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-smi">HS.</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">None</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">contains_stable</span> <span class="pl-c1">#</span><span class="pl-en">r</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">inv</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">stable_on_t</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">inv</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">extend</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">inv</span><span class="pl-c1">:(</span><span class="pl-en">map'</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0))</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">unit</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">let</span> <span class="pl-en">cur</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">m</span> <span class="pl-k">in</span> <span class="pl-en">inv</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">cur</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">sel</span> <span class="pl-en">cur</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-c1">None</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">u</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-en">cur</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">m</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">hsref</span> <span class="pl-c1">=</span> <span class="pl-en">m</span> <span class="pl-k">in</span>
+            <span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h1</span> <span class="pl-en">m</span>
+            <span class="pl-c1">/\</span> <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span>
+            <span class="pl-c1">/\</span> <span class="pl-en">modifies_ref</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">hsref</span><span class="pl-c1">))</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span>
+            <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">m</span> <span class="pl-c1">==</span> <span class="pl-en">upd</span> <span class="pl-en">cur</span> <span class="pl-en">x</span> <span class="pl-en">y</span>
+            <span class="pl-c1">/\</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">defined</span> <span class="pl-en">m</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+            <span class="pl-c1">/\</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">recall</span> <span class="pl-en">m</span><span class="pl-c1">;</span>
+    <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">inv</span><span class="pl-c1">);</span>
+    <span class="pl-k">let</span> <span class="pl-en">cur</span> <span class="pl-c1">=</span> !<span class="pl-en">m</span> <span class="pl-k">in</span>
+    <span class="pl-en">m</span> <span class="pl-c1">:=</span> <span class="pl-en">upd</span> <span class="pl-en">cur</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">;</span>
+    <span class="pl-en">contains_stable</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">;</span>
+    <span class="pl-en">mr_witness</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">defined</span> <span class="pl-en">m</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+    <span class="pl-en">mr_witness</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lookup</span> <span class="pl-c1">#</span><span class="pl-en">r</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">inv</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">inv</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+       <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">y</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-en">h0</span><span class="pl-c1">==</span><span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+       <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span>
+       <span class="pl-c1">(</span><span class="pl-c1">None</span><span class="pl-c1">?</span> <span class="pl-en">y</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">fresh</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+       <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-en">y</span> <span class="pl-c1">==&gt;</span>
+         <span class="pl-en">defined</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+         <span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+         <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">defined</span> <span class="pl-en">m</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+         <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">)))))</span>
+<span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">inv</span><span class="pl-c1">);</span>
+  <span class="pl-k">let</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">sel</span> !<span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">y</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">contains_stable</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+        <span class="pl-en">mr_witness</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">defined</span> <span class="pl-en">m</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+        <span class="pl-en">mr_witness</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-en">b</span><span class="pl-c1">);</span>
+        <span class="pl-en">y</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Monotonic.Pure.html b/docs/FStar.Monotonic.Pure.html
new file mode 100644
index 0000000..9c6c52b
--- /dev/null
+++ b/docs/FStar.Monotonic.Pure.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title>FStar.Monotonic.Pure</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
+</head>
+<body>
+<p>Copyright 2019 Microsoft Research</p>
+<p>Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at</p>
+<pre><code>http://www.apache.org/licenses/LICENSE-2.0
+</code></pre>
+<p>Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.</p>
+<h1>
+<a id="user-content-fstarmonotonicpure" class="anchor" href="#fstarmonotonicpure" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Monotonic.Pure</h1>
+<ul>
+<li>This module provides utilities to intro and elim the monotonicity</li>
+<li>property of pure wps</li>
+<li>
+</li>
+<li>Since pure_wp_monotonic predicate is marked opaque_to_smt in prims,</li>
+<li>reasoning with it requires explicit coercions</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">is_monotonic</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">pure_wp'</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span></pre></div>
+<ul>
+<li>Once we support using tactics in ulib/,</li>
+<li>this would be written as: Prims.pure_wp_monotonic0,</li>
+<li>with a postprocessing tactic to norm it</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">pure_post</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">wp</span> <span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">wp</span> <span class="pl-en">q</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">elim_pure_wp_monotonicity</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">is_monotonic</span> <span class="pl-en">wp</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">)</span> <span class="pl-en">pure_wp_monotonic</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">elim_pure_wp_monotonicity_forall</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:unit)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">is_monotonic</span> <span class="pl-en">wp</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">)</span> <span class="pl-en">pure_wp_monotonic</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">intro_pure_wp_monotonicity</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">pure_wp'</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">is_monotonic</span> <span class="pl-en">wp</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">pure_wp_monotonic</span> <span class="pl-en">a</span> <span class="pl-en">wp</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">)</span> <span class="pl-en">pure_wp_monotonic</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">as_pure_wp</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">pure_wp'</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">is_monotonic</span> <span class="pl-en">wp</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">wp</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">intro_pure_wp_monotonicity</span> <span class="pl-en">wp</span><span class="pl-c1">;</span>
+    <span class="pl-en">wp</span></pre></div>
+
+</body>
+</html>
diff --git a/docs/FStar.Monotonic.Seq.html b/docs/FStar.Monotonic.Seq.html
index a24a6f0..520bf3a 100644
--- a/docs/FStar.Monotonic.Seq.html
+++ b/docs/FStar.Monotonic.Seq.html
@@ -1,57 +1,398 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Monotonic.Seq</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.monotonic.seq">module FStar.Monotonic.Seq</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((write_at_end (#a:Type) (#i:rid) (r:m_rref i (<span class="dt">seq</span> a) grows) (x:a)):(ST <span class="dt">unit</span> ((requires ((<span class="kw">fun</span> h -&gt; True)))) ((ensures ((<span class="kw">fun</span> h0 _ h1 -&gt; /\(/\(/\(/\(contains h1 r, modifies_one i h0 h1), modifies_ref i (Set<span class="kw">.</span>singleton (HS<span class="kw">.</span>as_addr r)) h0 h1), ==(HS<span class="kw">.</span>sel h1 r, Seq<span class="kw">.</span>snoc (HS<span class="kw">.</span>sel h0 r) x)), witnessed (at_least (Seq<span class="kw">.</span>length (HS<span class="kw">.</span>sel h0 r)) x r)))))))):recall r; <span class="kw">let</span>  s0 = !(r) <span class="kw">in</span> <span class="kw">let</span>  n = Seq<span class="kw">.</span>length s0 <span class="kw">in</span> :=(r, Seq<span class="kw">.</span>snoc s0 x); at_least_is_stable n x r; Seq<span class="kw">.</span>contains_snoc s0 x; mr_witness r (at_least n x r)</code></pre></div>
+<h1>
+<a id="user-content-fstarmonotonicseq" class="anchor" href="#fstarmonotonicseq" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Monotonic.Seq</h1>
+<ul>
+<li>
+<p>Opens module <a href="FStar.Seq.html">FStar.Seq</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Classical.html">FStar.Classical</a></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.HyperStack.html"> FStar.HyperStack</a> as <code>HS   </code></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.HyperStack.ST.html"> FStar.HyperStack.ST</a> as <code>HST  </code></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.HyperStack.html">FStar.HyperStack</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.HyperStack.ST.html">FStar.HyperStack.ST</a></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.Seq.html"> FStar.Seq</a> as <code>Seq </code>
+2016-11-22: The following is meant to override the fact that the
+enclosing namespace of the current module (here FStar.Monotonic) is
+automatically opened, which makes Seq resolve into
+FStar.Monotonic.Seq instead of FStar.Seq.</p>
+</li>
+</ul>
+<p>//////////////////////////////////////////////////////////////////////////////</p>
+<ul>
+<li>12/08</li>
+<li>AR: writing this in terms of length and index</li>
+<li>
+<pre><code>earlier it was written in terms of an exists s3. Seq.equal (append s1 s3) s2
+</code></pre>
+</li>
+<li>
+<pre><code>that meant going through many hoops to prove simple things like transitivity of grows
+</code></pre>
+</li>
+<li>
+<pre><code>so far this seems to work better.
+</code></pre>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">grows_aux</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">:</span><span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">length</span> <span class="pl-en">s1</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat).{:pattern</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s2</span> <span class="pl-en">i</span><span class="pl-c1">)}</span> <span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">s2</span> <span class="pl-en">i</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">grows_aux</span> <span class="pl-c1">#</span><span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">rid</span> <span class="pl-c1">=</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">erid</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">'a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_snoc_extends</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-en">s</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-en">s</span> <span class="pl-en">x</span><span class="pl-c1">))]</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">alloc_mref_seq</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">m_rref</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">grows</span><span class="pl-c1">)</span>
+       <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">m</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+     <span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h1</span> <span class="pl-en">m</span> <span class="pl-c1">/\</span>
+     <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">m</span> <span class="pl-c1">==</span> <span class="pl-en">init</span> <span class="pl-c1">/\</span>
+     <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">ralloc_post</span> <span class="pl-en">r</span> <span class="pl-en">init</span> <span class="pl-en">h0</span> <span class="pl-en">m</span> <span class="pl-en">h1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">ralloc</span> <span class="pl-en">r</span> <span class="pl-en">init</span></pre></div>
+<ul>
+<li>AR: changing rids below to rid which is eternal regions.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">at_least</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)</span> &gt; <span class="pl-en">n</span>
+  <span class="pl-c1">/\</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">at_least_is_stable</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">grows</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">stable_on_t</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">at_least</span> <span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-write_at_end" class="anchor" href="#write_at_end" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>write_at_end</h4>
 <p>extending a stored sequence, witnessing its new entry for convenience.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> collect:Unidentified product: [(Unidentified product: [&#39;a] (Tot (<span class="dt">seq</span> &#39;b)))] Unidentified product: [s:<span class="dt">seq</span> &#39;a] (Tot (<span class="dt">seq</span> &#39;b) (decreases (Seq<span class="kw">.</span>length s)))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">write_at_end</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">unit</span>
+       <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+                   <span class="pl-en">contains</span> <span class="pl-en">h1</span> <span class="pl-en">r</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">modifies_one</span> <span class="pl-en">i</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">modifies_ref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span>
+             <span class="pl-c1">/\</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">x</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">at_least</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span>
+    <span class="pl-en">recall</span> <span class="pl-en">r</span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">s0</span> <span class="pl-c1">=</span> !<span class="pl-en">r</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s0</span> <span class="pl-k">in</span>
+    <span class="pl-en">r</span> <span class="pl-c1">:=</span> <span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-en">s0</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-en">at_least_is_stable</span> <span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">;</span>
+    <span class="pl-smi">Seq.</span><span class="pl-en">contains_snoc</span> <span class="pl-en">s0</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-en">mr_witness</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">at_least</span> <span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<p>//////////////////////////////////////////////////////////////////////////////
+Monotone sequences with a (stateless) invariant of the whole sequence
+//////////////////////////////////////////////////////////////////////////////</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">grows_p</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span><span class="pl-smi">Preorder.</span><span class="pl-en">preorder</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">s</span><span class="pl-c1">})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">fun</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">grows</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">i_seq</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">m_rref</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">s</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">grows_p</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">alloc_mref_iseq</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">init</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">i_seq</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+       <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">m</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">ralloc_post</span> <span class="pl-en">r</span> <span class="pl-en">init</span> <span class="pl-en">h0</span> <span class="pl-en">m</span> <span class="pl-en">h1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">ralloc</span> <span class="pl-en">r</span> <span class="pl-en">init</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">i_at_least</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">i_seq</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+        <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">m</span><span class="pl-c1">)</span> &gt; <span class="pl-en">n</span>
+      <span class="pl-c1">/\</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">i_at_least_is_stable</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">i_seq</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">stable_on_t</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">i_at_least</span> <span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">m</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">int_at_most</span> <span class="pl-c1">#</span><span class="pl-en">r</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">is</span><span class="pl-c1">:</span><span class="pl-en">i_seq</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-en">x</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">is</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">int_at_most_is_stable</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">is</span><span class="pl-c1">:</span><span class="pl-en">i_seq</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:int)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">stable_on_t</span> <span class="pl-en">is</span> <span class="pl-c1">(</span><span class="pl-en">int_at_most</span> <span class="pl-en">k</span> <span class="pl-en">is</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">i_sel</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">i_seq</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">s</span><span class="pl-c1">})</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">m</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">i_read</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">i_seq</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">s</span><span class="pl-c1">})</span>
+       <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">x</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span><span class="pl-c1">==</span><span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">i_sel</span> <span class="pl-en">h0</span> <span class="pl-en">m</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> !<span class="pl-en">m</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">i_contains</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">i_seq</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">m</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">i_write_at_end</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rgn</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">i_seq</span> <span class="pl-en">rgn</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">unit</span>
+       <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">i_sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+                   <span class="pl-en">i_contains</span> <span class="pl-en">r</span> <span class="pl-en">h1</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">modifies_one</span> <span class="pl-en">rgn</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">modifies_ref</span> <span class="pl-en">rgn</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">i_sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">i_sel</span> <span class="pl-en">h0</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">x</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">i_at_least</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">i_sel</span> <span class="pl-en">h0</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span>
+    <span class="pl-en">recall</span> <span class="pl-en">r</span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">s0</span> <span class="pl-c1">=</span> !<span class="pl-en">r</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s0</span> <span class="pl-k">in</span>
+    <span class="pl-en">r</span> <span class="pl-c1">:=</span> <span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-en">s0</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-en">i_at_least_is_stable</span> <span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">;</span>
+    <span class="pl-en">contains_snoc</span> <span class="pl-en">s0</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-en">mr_witness</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">i_at_least</span> <span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<p>//////////////////////////////////////////////////////////////////////////////
+Testing invariant sequences
+//////////////////////////////////////////////////////////////////////////////</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">invariant</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-c1">nat)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:nat).</span> <span class="pl-en">i</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span> <span class="pl-en">i</span>&lt;&gt;<span class="pl-en">j</span>
+         <span class="pl-c1">==&gt;</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span> &lt;&gt; <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">j</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">test0</span><span class="pl-c1">:</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-c1">nat)</span> <span class="pl-en">grows</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ST</span> <span class="pl-c1">unit</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">a</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">result</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">test0</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">k</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">h0</span> <span class="pl-c1">=</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">get</span><span class="pl-c1">()</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">a</span> <span class="pl-k">in</span>
+    <span class="pl-en">at_least_is_stable</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)</span> <span class="pl-en">a</span><span class="pl-c1">;</span>
+    <span class="pl-smi">Seq.</span><span class="pl-en">contains_intro</span> <span class="pl-en">s</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">k</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-en">mr_witness</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">at_least</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">itest</span><span class="pl-c1">:</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">rid</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">i_seq</span> <span class="pl-en">r</span> <span class="pl-c1">nat</span> <span class="pl-en">invariant</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ST</span> <span class="pl-c1">unit</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">i_sel</span> <span class="pl-en">h</span> <span class="pl-en">a</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">result</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">itest</span> <span class="pl-en">r</span> <span class="pl-en">a</span> <span class="pl-en">k</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">h0</span> <span class="pl-c1">=</span> <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">get</span><span class="pl-c1">()</span> <span class="pl-k">in</span>
+  <span class="pl-en">i_at_least_is_stable</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">i_sel</span> <span class="pl-en">h0</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)</span> <span class="pl-en">a</span><span class="pl-c1">;</span>
+  <span class="pl-en">mr_witness</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">i_at_least</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">i_sel</span> <span class="pl-en">h0</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<p>//////////////////////////////////////////////////////////////////////////////
+Mapping functions over monotone sequences
+//////////////////////////////////////////////////////////////////////////////</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">un_snoc</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span><span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span> * <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">un_snoc</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">last</span> <span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-k">in</span>
+  <span class="pl-smi">Seq.</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">0</span> <span class="pl-en">last</span><span class="pl-c1">,</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">last</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-smi">Seq.</span><span class="pl-en">empty</span>
+  <span class="pl-k">else</span> <span class="pl-k">let</span> <span class="pl-en">prefix</span><span class="pl-c1">,</span> <span class="pl-en">last</span> <span class="pl-c1">=</span> <span class="pl-en">un_snoc</span> <span class="pl-en">s</span> <span class="pl-k">in</span>
+       <span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">prefix</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">last</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map_snoc</span><span class="pl-c1">:</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-en">s</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">map_snoc</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">prefix</span><span class="pl-c1">,</span> <span class="pl-en">last</span> <span class="pl-c1">=</span> <span class="pl-en">un_snoc</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-en">s</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-en">cut</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-en">prefix</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">op_At</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map_append</span><span class="pl-c1">:</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">s1</span>@<span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s1</span> @ <span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+<span class="pl-k">#reset-options</span> "<span class="pl-s">--z3rlimit 10 --initial_fuel 1 --max_fuel 1 --initial_ifuel 1 --max_ifuel 1</span>"
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map_append</span> <span class="pl-en">f</span> <span class="pl-en">s_1</span> <span class="pl-en">s_2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s_2</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span>
+  <span class="pl-k">then</span> <span class="pl-c1">(</span><span class="pl-en">cut</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">s_1</span>@<span class="pl-en">s_2</span><span class="pl-c1">)</span> <span class="pl-en">s_1</span><span class="pl-c1">);</span>
+        <span class="pl-en">cut</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s_1</span> @ <span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s_2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s_1</span><span class="pl-c1">)))</span>
+  <span class="pl-k">else</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">prefix_2</span><span class="pl-c1">,</span> <span class="pl-en">last</span> <span class="pl-c1">=</span> <span class="pl-en">un_snoc</span> <span class="pl-en">s_2</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">m_s_1</span> <span class="pl-c1">=</span> <span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s_1</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">m_p_2</span> <span class="pl-c1">=</span> <span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">prefix_2</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">flast</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">last</span> <span class="pl-k">in</span>
+      <span class="pl-en">cut</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">s_1</span>@<span class="pl-en">s_2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">s_1</span>@<span class="pl-en">prefix_2</span><span class="pl-c1">)</span> <span class="pl-en">last</span><span class="pl-c1">));</span>         <span class="pl-c">//map f (s1@s2) = map f (snoc (s1@p) last)</span>
+      <span class="pl-en">map_snoc</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-en">s_1</span> <span class="pl-en">prefix_2</span><span class="pl-c1">)</span> <span class="pl-en">last</span><span class="pl-c1">;</span>                       <span class="pl-c">//              = snoc (map f (s1@p)) (f last)</span>
+        <span class="pl-en">map_append</span> <span class="pl-en">f</span> <span class="pl-en">s_1</span> <span class="pl-en">prefix_2</span><span class="pl-c1">;</span>                                       <span class="pl-c">//              = snoc (map f s_1 @ map f p) (f last)</span>
+      <span class="pl-en">cut</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">m_s_1</span> @ <span class="pl-en">m_p_2</span><span class="pl-c1">)</span> <span class="pl-en">flast</span><span class="pl-c1">)</span>
+                 <span class="pl-c1">(</span><span class="pl-en">m_s_1</span> @ <span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-en">m_p_2</span> <span class="pl-en">flast</span><span class="pl-c1">));</span>                 <span class="pl-c">//              = map f s1 @ (snoc (map f p) (f last))</span>
+        <span class="pl-en">map_snoc</span> <span class="pl-en">f</span> <span class="pl-en">prefix_2</span> <span class="pl-en">last</span><span class="pl-c1">)</span>                                       <span class="pl-c">//              = map f s1 @ map f (snoc p last)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#reset-options</span> "<span class="pl-s">--z3rlimit 5</span>"</pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map_length</span><span class="pl-c1">:</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s1</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s1</span><span class="pl-c1">))]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map_length</span> <span class="pl-en">f</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">()</span>
+  <span class="pl-k">else</span> <span class="pl-k">let</span> <span class="pl-en">prefix</span><span class="pl-c1">,</span> <span class="pl-en">last</span> <span class="pl-c1">=</span> <span class="pl-en">un_snoc</span> <span class="pl-en">s1</span> <span class="pl-k">in</span>
+       <span class="pl-en">map_length</span> <span class="pl-en">f</span> <span class="pl-en">prefix</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map_index</span><span class="pl-c1">:</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span>&lt;<span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map_index</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span>
+  <span class="pl-k">then</span> <span class="pl-c1">()</span>
+  <span class="pl-k">else</span> <span class="pl-k">let</span> <span class="pl-en">prefix</span><span class="pl-c1">,</span> <span class="pl-en">last</span> <span class="pl-c1">=</span> <span class="pl-en">un_snoc</span> <span class="pl-en">s</span> <span class="pl-k">in</span>
+       <span class="pl-en">map_index</span> <span class="pl-en">f</span> <span class="pl-en">prefix</span> <span class="pl-en">i</span></pre></div>
+<p>17-01-05 all the stuff above should go to Seq.Properties!</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">map_grows</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s3</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-en">s1</span> <span class="pl-en">s3</span>
+       <span class="pl-c1">==&gt;</span> <span class="pl-en">grows</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s3</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">map_prefix</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">grows</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">grows</span> <span class="pl-en">bs</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<p>17-01-05  this applies to log_t's defined below.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">map_prefix_stable</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">stable_on_t</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">map_prefix</span> <span class="pl-en">r</span> <span class="pl-en">f</span> <span class="pl-en">bs</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">map_has_at_index</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">grows</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+    <span class="pl-en">n</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span>
+  <span class="pl-c1">/\</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">v</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">map_has_at_index_stable</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+                <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">grows</span><span class="pl-c1">)</span>
+                <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">stable_on_t</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">map_has_at_index</span> <span class="pl-en">r</span> <span class="pl-en">f</span> <span class="pl-en">n</span> <span class="pl-en">v</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<p>//////////////////////////////////////////////////////////////////////////////
+Collecting monotone sequences
+//////////////////////////////////////////////////////////////////////////////</p>
+<h4>
+<a id="user-content-collect" class="anchor" href="#collect" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>collect</h4>
 <p>yields the concatenation of all sequences returned by f applied to the sequence elements</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-smi">Seq.</span><span class="pl-en">empty</span>
+  <span class="pl-k">else</span> <span class="pl-k">let</span> <span class="pl-en">prefix</span><span class="pl-c1">,</span> <span class="pl-en">last</span> <span class="pl-c1">=</span> <span class="pl-en">un_snoc</span> <span class="pl-en">s</span> <span class="pl-k">in</span>
+       <span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">prefix</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">last</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect_snoc</span><span class="pl-c1">:</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-en">s</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">collect_snoc</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">prefix</span><span class="pl-c1">,</span> <span class="pl-en">last</span> <span class="pl-c1">=</span> <span class="pl-en">un_snoc</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">snoc</span> <span class="pl-en">s</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-en">cut</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-en">prefix</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#reset-options</span> "<span class="pl-s">--z3rlimit 20 --initial_fuel 1 --max_fuel 1 --initial_ifuel 1 --max_ifuel 1</span>"</pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">collect_grows</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span>
+          <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">grows</span> <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-smi">'a</span><span class="pl-c1">);</span>
+    <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-smi">'b</span><span class="pl-c1">);</span>
+    <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">collect_grows_aux</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+             <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+      <span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-k">then</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+        <span class="pl-k">else</span>
+          <span class="pl-k">let</span> <span class="pl-en">s2_prefix</span><span class="pl-c1">,</span> <span class="pl-en">s2_last</span> <span class="pl-c1">=</span> <span class="pl-en">un_snoc</span> <span class="pl-en">s2</span> <span class="pl-k">in</span>
+          <span class="pl-en">collect_grows_aux</span> <span class="pl-en">f</span> <span class="pl-en">s1</span> <span class="pl-en">s2_prefix</span>
+    <span class="pl-k">in</span>
+    <span class="pl-smi">Classical.</span><span class="pl-en">arrow_to_impl</span> <span class="pl-c1">#(</span><span class="pl-en">grows</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">#(</span><span class="pl-en">grows</span> <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">s2</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">collect_grows_aux</span> <span class="pl-en">f</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">collect_prefix</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">grows</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+           <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">grows</span> <span class="pl-en">bs</span> <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">collect_prefix_stable</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">stable_on_t</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">collect_prefix</span> <span class="pl-en">r</span> <span class="pl-en">f</span> <span class="pl-en">bs</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">aux</span> <span class="pl-c1">:</span> <span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+      <span class="pl-c1">(</span><span class="pl-en">collect_prefix</span> <span class="pl-en">r</span> <span class="pl-en">f</span> <span class="pl-en">bs</span> <span class="pl-en">h0</span>
+       <span class="pl-c1">/\</span> <span class="pl-en">grows</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+       <span class="pl-c1">==&gt;</span> <span class="pl-en">collect_prefix</span> <span class="pl-en">r</span> <span class="pl-en">f</span> <span class="pl-en">bs</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+      <span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">s3</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+      <span class="pl-en">collect_grows</span> <span class="pl-en">f</span> <span class="pl-en">s1</span> <span class="pl-en">s3</span>
+    <span class="pl-k">in</span>
+    <span class="pl-en">forall_intro_2</span> <span class="pl-en">aux</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">collect_has_at_index</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">grows</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+             <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+    <span class="pl-en">n</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+  <span class="pl-c1">/\</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">collect</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">v</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">collect_has_at_index_stable</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span>
+                <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">m_rref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">grows</span><span class="pl-c1">)</span>
+                <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">stable_on_t</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">collect_has_at_index</span> <span class="pl-en">r</span> <span class="pl-en">f</span> <span class="pl-en">n</span> <span class="pl-en">v</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">);</span>
+    <span class="pl-smi">Classical.</span><span class="pl-en">forall_intro_2</span> <span class="pl-c1">(</span><span class="pl-en">collect_grows</span> <span class="pl-en">f</span><span class="pl-c1">)</span></pre></div>
+<p>//////////////////////////////////////////////////////////////////////////////
+Monotonic sequence numbers, bounded by the length of a log
+//////////////////////////////////////////////////////////////////////////////
+17-01-05 the simpler variant, with an historic name; consider using uniform names below.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">log_t</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">m_rref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">grows</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">increases</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:int)</span> <span class="pl-c1">=</span> <span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-en">x</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">at_most_log_len</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">log</span><span class="pl-c1">:</span><span class="pl-en">log_t</span> <span class="pl-en">l</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-en">mem</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span>
+    <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> &lt;<span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">log</span><span class="pl-c1">)</span></pre></div>
+<p>Note: we may want int seqn, instead of nat seqn
+because the handshake uses an initial value of -1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">seqn_val</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">log</span><span class="pl-c1">:</span><span class="pl-en">log_t</span> <span class="pl-en">l</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">max</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span>
+     <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:nat{</span><span class="pl-en">x</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">max</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">at_most_log_len</span> <span class="pl-en">x</span> <span class="pl-en">log</span><span class="pl-c1">)})</span> <span class="pl-c">//never more than the length of the log</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">seqn</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">log</span><span class="pl-c1">:</span><span class="pl-en">log_t</span> <span class="pl-en">l</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">max</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">m_rref</span> <span class="pl-en">i</span>  <span class="pl-c">//counter in region i</span>
+         <span class="pl-c1">(</span><span class="pl-en">seqn_val</span> <span class="pl-en">i</span> <span class="pl-en">log</span> <span class="pl-en">max</span><span class="pl-c1">)</span> <span class="pl-c">//never more than the length of the log</span>
+     <span class="pl-en">increases</span> <span class="pl-c">//increasing</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">at_most_log_len_stable</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">log</span><span class="pl-c1">:</span><span class="pl-en">log_t</span> <span class="pl-en">l</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">stable_on_t</span> <span class="pl-en">log</span> <span class="pl-c1">(</span><span class="pl-en">at_most_log_len</span> <span class="pl-en">x</span> <span class="pl-en">log</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">new_seqn</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">max</span><span class="pl-c1">:nat)</span>
+           <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">log</span><span class="pl-c1">:</span><span class="pl-en">log_t</span> <span class="pl-en">l</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">seqn</span> <span class="pl-en">i</span> <span class="pl-en">log</span> <span class="pl-en">max</span><span class="pl-c1">)</span>
+       <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span>
+           <span class="pl-c1">HST</span><span class="pl-c1">.</span><span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">region_contains_pred</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+       <span class="pl-en">init</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">max</span> <span class="pl-c1">/\</span>
+       <span class="pl-en">init</span> &lt;<span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">log</span><span class="pl-c1">)))</span>
+       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">c</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c">//17-01-05 unify with ralloc_post?</span>
+           <span class="pl-en">modifies_one</span> <span class="pl-en">i</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+           <span class="pl-en">modifies_ref</span> <span class="pl-en">i</span> <span class="pl-smi">Set.</span><span class="pl-en">empty</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+           <span class="pl-en">fresh_ref</span> <span class="pl-en">c</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+           <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">init</span> <span class="pl-c1">/\</span>
+           <span class="pl-smi">FStar.Map.</span><span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_hmap</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">recall</span> <span class="pl-en">log</span><span class="pl-c1">;</span> <span class="pl-en">recall_region</span> <span class="pl-en">i</span><span class="pl-c1">;</span>
+    <span class="pl-en">mr_witness</span> <span class="pl-en">log</span> <span class="pl-c1">(</span><span class="pl-en">at_most_log_len</span> <span class="pl-en">init</span> <span class="pl-en">log</span><span class="pl-c1">);</span>
+    <span class="pl-en">ralloc</span> <span class="pl-en">i</span> <span class="pl-en">init</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">increment_seqn</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">max</span><span class="pl-c1">:nat)</span>
+               <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">log</span><span class="pl-c1">:</span><span class="pl-en">log_t</span> <span class="pl-en">l</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">($</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">seqn</span> <span class="pl-en">i</span> <span class="pl-en">log</span> <span class="pl-en">max</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">unit</span>
+       <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-en">log</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">log</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">c</span> <span class="pl-k">in</span>
+      <span class="pl-en">n</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">log</span>  <span class="pl-c1">/\</span>
+      <span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">max</span><span class="pl-c1">))</span>
+       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">modifies_one</span> <span class="pl-en">i</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+      <span class="pl-en">modifies_ref</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">as_addr</span> <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+      <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">c</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">grows</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">grows</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">);</span>
+    <span class="pl-en">recall</span> <span class="pl-en">c</span><span class="pl-c1">;</span> <span class="pl-en">recall</span> <span class="pl-en">log</span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> !<span class="pl-en">c</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span> <span class="pl-k">in</span>
+    <span class="pl-en">mr_witness</span> <span class="pl-en">log</span> <span class="pl-c1">(</span><span class="pl-en">at_most_log_len</span> <span class="pl-en">n</span> <span class="pl-en">log</span><span class="pl-c1">);</span>
+    <span class="pl-en">c</span> <span class="pl-c1">:=</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">testify_seqn</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">log</span><span class="pl-c1">:</span><span class="pl-en">log_t</span> <span class="pl-en">l</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">max</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">ctr</span><span class="pl-c1">:</span><span class="pl-en">seqn</span> <span class="pl-en">i</span> <span class="pl-en">log</span> <span class="pl-en">max</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">unit</span>
+       <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+       <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-en">h0</span><span class="pl-c1">==</span><span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+       <span class="pl-en">at_most_log_len</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">ctr</span><span class="pl-c1">)</span> <span class="pl-en">log</span> <span class="pl-en">h1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> !<span class="pl-en">ctr</span> <span class="pl-k">in</span>
+    <span class="pl-en">testify</span> <span class="pl-c1">(</span><span class="pl-en">at_most_log_len</span> <span class="pl-en">n</span> <span class="pl-en">log</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">test</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">rid</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">log</span><span class="pl-c1">:</span><span class="pl-en">log_t</span> <span class="pl-en">l</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c">//(p:(nat -&gt; Type))</span>
+         <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">seqn</span> <span class="pl-en">i</span> <span class="pl-en">log</span> <span class="pl-c1">8</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">mem</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Map.</span><span class="pl-en">sel</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">get_hmap</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">HS.</span><span class="pl-en">as_ref</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Monotonic.Witnessed.html b/docs/FStar.Monotonic.Witnessed.html
index a9b0637..3f55596 100644
--- a/docs/FStar.Monotonic.Witnessed.html
+++ b/docs/FStar.Monotonic.Witnessed.html
@@ -1,16 +1,70 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Monotonic.Witnessed</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.monotonic.witnessed">module FStar.Monotonic.Witnessed</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarmonotonicwitnessed" class="anchor" href="#fstarmonotonicwitnessed" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Monotonic.Witnessed</h1>
+<ul>
+<li>Opens module <a href="FStar.Preorder.html">FStar.Preorder</a>
+</li>
+</ul>
+<p>A module that defines the 'witnessed' logical capability/modality
+that is the basis of reasoning about monotonic state in F*, as
+discussed in Ahman et al.'s POPL 2018 paper "Recalling a Witness:
+Foundations and Applications of Monotonic State". Compared to the
+POPL paper, where 'witnessed' and 'witnessed_weakening' were
+simply postulated as axioms, this module defines them on top of
+a more basic hybrid modal extension of F*'s reasoning logic (see
+the corresponding fst file). Also, compared to the POPL paper, this
+module proves many additional logical properties of 'witnessed'.</p>
+<p>Witnessed modality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">remove_unused_type_parameters</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">;</span> <span class="pl-c1">1</span><span class="pl-c1">;</span> <span class="pl-c1">2</span><span class="pl-c1">]]</span>
+<span class="pl-k">val</span> <span class="pl-en">witnessed</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">state</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">state</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">state</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span></pre></div>
+<p>Weakening for the witnessed modality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_weakening</span> <span class="pl-c1">:#</span><span class="pl-en">state</span><span class="pl-c1">:Type</span>
+                               <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">state</span>
+                               <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">state</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span>
+                               <span class="pl-c1">-&gt;</span> <span class="pl-en">q</span><span class="pl-c1">:(</span><span class="pl-en">state</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span>
+                               <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">s</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">s</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+                                       <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-en">q</span><span class="pl-c1">))</span></pre></div>
+<p>Some logical properties of the witnessed modality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_constant</span> <span class="pl-c1">:#</span><span class="pl-en">state</span><span class="pl-c1">:Type</span>
+                              <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">state</span>
+                              <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:Type0</span>
+                              <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_nested</span> <span class="pl-c1">:#</span><span class="pl-en">state</span><span class="pl-c1">:Type</span>
+                            <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">state</span>
+                            <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">state</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span>
+                            <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_and</span> <span class="pl-c1">:#</span><span class="pl-en">state</span><span class="pl-c1">:Type</span>
+                         <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">state</span>
+                         <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">state</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span>
+                         <span class="pl-c1">-&gt;</span> <span class="pl-en">q</span><span class="pl-c1">:(</span><span class="pl-en">state</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span>
+                         <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span> <span class="pl-en">q</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-en">q</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_or</span> <span class="pl-c1">:#</span><span class="pl-en">state</span><span class="pl-c1">:Type</span>
+                        <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">state</span>
+                        <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">state</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span>
+                        <span class="pl-c1">-&gt;</span> <span class="pl-en">q</span><span class="pl-c1">:(</span><span class="pl-en">state</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span>
+                        <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">s</span> <span class="pl-c1">\/</span> <span class="pl-en">q</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_impl</span> <span class="pl-c1">:#</span><span class="pl-en">state</span><span class="pl-c1">:Type</span>
+                          <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">state</span>
+                          <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">state</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span>
+                          <span class="pl-c1">-&gt;</span> <span class="pl-en">q</span><span class="pl-c1">:(</span><span class="pl-en">state</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span>
+                          <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">s</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-en">q</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_forall</span> <span class="pl-c1">:#</span><span class="pl-en">state</span><span class="pl-c1">:Type</span>
+                            <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">t</span><span class="pl-c1">:Type</span>
+                            <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">state</span>
+                            <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">state</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span>
+                            <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">s</span><span class="pl-c1">))</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_witnessed_exists</span> <span class="pl-c1">:#</span><span class="pl-en">state</span><span class="pl-c1">:Type</span>
+                            <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">t</span><span class="pl-c1">:Type</span>
+                            <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">state</span>
+                            <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">state</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span>
+                            <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">witnessed</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">exists</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Mul.html b/docs/FStar.Mul.html
index f908268..67b1bf5 100644
--- a/docs/FStar.Mul.html
+++ b/docs/FStar.Mul.html
@@ -1,16 +1,16 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Mul</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.mul">module FStar.Mul</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarmul" class="anchor" href="#fstarmul" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Mul</h1>
+<p>If we're not doing anything with tuples,
+open this module to let '*' be multiplication</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star</span> <span class="pl-c1">=</span> <span class="pl-smi">Prims.</span><span class="pl-en">op_Multiply</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Option.html b/docs/FStar.Option.html
index cd3703b..96c39b4 100644
--- a/docs/FStar.Option.html
+++ b/docs/FStar.Option.html
@@ -1,16 +1,46 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Option</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.option">module FStar.Option</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstaroption" class="anchor" href="#fstaroption" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Option</h1>
+<ul>
+<li>Opens module <a href="FStar.All.html">FStar.All</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">val</span> <span class="pl-en">isNone</span><span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span>
+<span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">isNone</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">val</span> <span class="pl-en">isSome</span><span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span>
+<span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">isSome</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">val</span> <span class="pl-en">map</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">option</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">val</span> <span class="pl-en">mapTot</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">option</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">mapTot</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">val</span> <span class="pl-en">get</span><span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ML</span> <span class="pl-smi">'a</span>
+<span class="pl-k">let</span> <span class="pl-en">get</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">failwith</span> <span class="pl-s"><span class="pl-pds">"</span>empty option<span class="pl-pds">"</span></span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.OrdSetProps.html b/docs/FStar.OrdSetProps.html
index 6939500..94d933f 100644
--- a/docs/FStar.OrdSetProps.html
+++ b/docs/FStar.OrdSetProps.html
@@ -1,16 +1,43 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.OrdSetProps</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.ordsetprops">module FStar.OrdSetProps</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarordsetprops" class="anchor" href="#fstarordsetprops" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.OrdSetProps</h1>
+<ul>
+<li>Opens module <a href="FStar.OrdSet.html">FStar.OrdSet</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fold</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">cmp</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">ordset</span> <span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span>
+          <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">#</span><span class="pl-en">f</span> <span class="pl-en">g</span> <span class="pl-en">s</span> <span class="pl-en">x</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">empty</span> <span class="pl-k">then</span> <span class="pl-en">x</span>
+  <span class="pl-k">else</span>
+    <span class="pl-k">let</span> <span class="pl-c1">Some</span> <span class="pl-en">e</span> <span class="pl-c1">=</span> <span class="pl-en">choose</span> <span class="pl-en">s</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">a_rest</span> <span class="pl-c1">=</span> <span class="pl-en">fold</span> <span class="pl-en">g</span> <span class="pl-c1">(</span><span class="pl-en">remove</span> <span class="pl-en">e</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+    <span class="pl-en">g</span> <span class="pl-en">e</span> <span class="pl-en">a_rest</span></pre></div>
+<hr>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">insert</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(#</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">cmp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">ordset</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">union</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">singleton</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">s</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">union'</span><span class="pl-c1">:#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">cmp</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">ordset</span> <span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">ordset</span> <span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">ordset</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">union'</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">#</span><span class="pl-en">f</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-en">fold</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">e</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">ordset</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">insert</span> <span class="pl-en">e</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">union_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">cmp</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">ordset</span> <span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">ordset</span> <span class="pl-en">a</span> <span class="pl-en">f</span>
+                 <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">True</span><span class="pl-c1">))</span>
+                    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">union'</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+                    <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-en">s1</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">union_lemma</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">#</span><span class="pl-en">f</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">empty</span> <span class="pl-k">then</span> <span class="pl-c1">()</span>
+  <span class="pl-k">else</span>
+    <span class="pl-en">union_lemma</span> <span class="pl-c1">(</span><span class="pl-en">remove</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">choose</span> <span class="pl-en">s1</span><span class="pl-c1">))</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-en">s2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">union_lemma'</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">cmp</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">ordset</span> <span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">ordset</span> <span class="pl-en">a</span> <span class="pl-en">f</span>
+                  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">True</span><span class="pl-c1">))</span>
+                     <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-en">union'</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">union_lemma'</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">#</span><span class="pl-en">f</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span>
+  <span class="pl-en">union_lemma</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">;</span>
+  <span class="pl-en">eq_lemma</span> <span class="pl-c1">(</span><span class="pl-en">union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">union'</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Order.html b/docs/FStar.Order.html
index 7c6ecbf..966dad4 100644
--- a/docs/FStar.Order.html
+++ b/docs/FStar.Order.html
@@ -1,16 +1,61 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Order</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.order">module FStar.Order</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarorder" class="anchor" href="#fstarorder" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Order</h1>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">order</span> <span class="pl-c1">=</span> <span class="pl-c1">|</span> <span class="pl-c1">Lt</span> <span class="pl-c1">|</span> <span class="pl-c1">Eq</span> <span class="pl-c1">|</span> <span class="pl-c1">Gt</span></pre></div>
+<p>Some derived checks</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ge</span> <span class="pl-c1">:</span> <span class="pl-en">order</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-en">ge</span> <span class="pl-en">o</span> <span class="pl-c1">=</span> <span class="pl-en">o</span> &lt;&gt; <span class="pl-c1">Lt</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">le</span> <span class="pl-c1">:</span> <span class="pl-en">order</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-en">le</span> <span class="pl-en">o</span> <span class="pl-c1">=</span> <span class="pl-en">o</span> &lt;&gt; <span class="pl-c1">Gt</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ne</span> <span class="pl-c1">:</span> <span class="pl-en">order</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-en">ne</span> <span class="pl-en">o</span> <span class="pl-c1">=</span> <span class="pl-en">o</span> &lt;&gt; <span class="pl-c1">Eq</span></pre></div>
+<p>Just for completeness and consistency...</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">gt</span> <span class="pl-c1">:</span> <span class="pl-en">order</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-en">gt</span> <span class="pl-en">o</span> <span class="pl-c1">=</span> <span class="pl-en">o</span> <span class="pl-c1">=</span> <span class="pl-c1">Gt</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lt</span> <span class="pl-c1">:</span> <span class="pl-en">order</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-en">lt</span> <span class="pl-en">o</span> <span class="pl-c1">=</span> <span class="pl-en">o</span> <span class="pl-c1">=</span> <span class="pl-c1">Lt</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">eq</span> <span class="pl-c1">:</span> <span class="pl-en">order</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-en">o</span> <span class="pl-c1">=</span> <span class="pl-en">o</span> <span class="pl-c1">=</span> <span class="pl-c1">Eq</span></pre></div>
+<p>Lexicographical combination, thunked to be lazy</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lex</span> <span class="pl-c1">:</span> <span class="pl-en">order</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">order</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">order</span>
+<span class="pl-k">let</span> <span class="pl-en">lex</span> <span class="pl-en">o1</span> <span class="pl-en">o2</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">o1</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Lt</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Eq</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">o2</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Gt</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">order_from_int</span> <span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">order</span>
+<span class="pl-k">let</span> <span class="pl-en">order_from_int</span> <span class="pl-en">i</span> <span class="pl-c1">=</span>
+    <span class="pl-k">if</span> <span class="pl-en">i</span> &lt; <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">Lt</span>
+    <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">Eq</span>
+    <span class="pl-k">else</span> <span class="pl-c1">Gt</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">int_of_order</span> <span class="pl-c1">:</span> <span class="pl-en">order</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span>
+<span class="pl-k">let</span> <span class="pl-en">int_of_order</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Lt</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(-</span><span class="pl-c1">1</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Eq</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">0</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Gt</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">compare_int</span> <span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">order</span>
+<span class="pl-k">let</span> <span class="pl-en">compare_int</span> <span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">=</span> <span class="pl-en">order_from_int</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-en">j</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">compare_list</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">order</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">order</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">compare_list</span> <span class="pl-en">f</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Eq</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xs</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">::</span><span class="pl-en">ys</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_list</span> <span class="pl-en">f</span> <span class="pl-en">xs</span> <span class="pl-en">ys</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">compare_option</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">order</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">option</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">option</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">order</span>
+<span class="pl-k">let</span> <span class="pl-en">compare_option</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span>   <span class="pl-c1">,</span> <span class="pl-c1">None</span>   <span class="pl-c1">-&gt;</span> <span class="pl-c1">Eq</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span>   <span class="pl-c1">,</span> <span class="pl-c1">Some</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-c1">_</span> <span class="pl-c1">,</span> <span class="pl-c1">None</span>   <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">,</span> <span class="pl-c1">Some</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.PCM.html b/docs/FStar.PCM.html
new file mode 100644
index 0000000..ac5db3a
--- /dev/null
+++ b/docs/FStar.PCM.html
@@ -0,0 +1,248 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title>FStar.PCM</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
+</head>
+<body>
+<h1>
+<a id="user-content-fstarpcm" class="anchor" href="#fstarpcm" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.PCM</h1>
+<p>Copyright 2020 Microsoft Research</p>
+<p>Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at</p>
+<pre><code>http://www.apache.org/licenses/LICENSE-2.0
+</code></pre>
+<p>Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.</p>
+<blockquote>
+<p>This module defines the partial commutative monoid (PCM) algebraic structure, as well as helper
+predicates and functions to manipulate PCMs.</p>
+</blockquote>
+<h2>
+<a id="user-content-base-definitions" class="anchor" href="#base-definitions" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Base definitions</h2>
+<h4>
+<a id="user-content-symrel" class="anchor" href="#symrel" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>symrel</h4>
+<p>A symmetric relation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">symrel</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">prop</span><span class="pl-c1">)</span> <span class="pl-c1">{</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">c</span> <span class="pl-en">y</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">}</span></pre></div>
+<h4>
+<a id="user-content-pcm" class="anchor" href="#pcm" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pcm'</h4>
+<p><a href="#pcm'"><code>pcm'</code></a> is a magma, the base for the partial commutative monoid</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">pcm'</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">{</span>
+  <span class="pl-en">composable</span><span class="pl-c1">:</span> <span class="pl-en">symrel</span> <span class="pl-en">a</span><span class="pl-c1">;</span>
+  <span class="pl-en">op</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">composable</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">;</span>
+  <span class="pl-en">one</span><span class="pl-c1">:</span><span class="pl-en">a</span>
+<span class="pl-c1">}</span></pre></div>
+<h4>
+<a id="user-content-lem_commutative" class="anchor" href="#lem_commutative" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lem_commutative</h4>
+<p>The type of a commutativity property</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lem_commutative</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm'</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">composable</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">y</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lem_assoc_l" class="anchor" href="#lem_assoc_l" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lem_assoc_l</h4>
+<p>The type of a left-associativity property</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lem_assoc_l</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm'</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">composable</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">/\</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">composable</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">composable</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">/\</span>
+         <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">composable</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">z</span> <span class="pl-c1">/\</span>
+         <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lem_assoc_r" class="anchor" href="#lem_assoc_r" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lem_assoc_r</h4>
+<p>The type of a right-associativity property</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lem_assoc_r</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm'</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">composable</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">/\</span>
+       <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">composable</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">z</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span>
+      <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">composable</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">/\</span>
+       <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">composable</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+       <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lem_is_unit" class="anchor" href="#lem_is_unit" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lem_is_unit</h4>
+<p>The type of the property characterizing the unit element of the monoid</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lem_is_unit</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm'</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">composable</span> <span class="pl-en">x</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">one</span> <span class="pl-c1">/\</span>
+         <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">x</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">one</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-pcm-1" class="anchor" href="#pcm-1" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pcm</h4>
+<p>Main type describing partial commutative monoids</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">pcm</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">{</span>
+  <span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm'</span> <span class="pl-en">a</span><span class="pl-c1">;</span>
+  <span class="pl-en">comm</span><span class="pl-c1">:</span><span class="pl-en">lem_commutative</span> <span class="pl-en">p</span><span class="pl-c1">;</span>
+  <span class="pl-en">assoc</span><span class="pl-c1">:</span> <span class="pl-en">lem_assoc_l</span> <span class="pl-en">p</span><span class="pl-c1">;</span>
+  <span class="pl-en">assoc_r</span><span class="pl-c1">:</span> <span class="pl-en">lem_assoc_r</span> <span class="pl-en">p</span><span class="pl-c1">;</span>
+  <span class="pl-en">is_unit</span><span class="pl-c1">:</span> <span class="pl-en">lem_is_unit</span> <span class="pl-en">p</span><span class="pl-c1">;</span>
+  <span class="pl-en">refine</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">prop</span>
+<span class="pl-c1">}</span></pre></div>
+<h2>
+<a id="user-content-derived-predicates" class="anchor" href="#derived-predicates" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Derived predicates</h2>
+<h4>
+<a id="user-content-composable" class="anchor" href="#composable" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>composable</h4>
+<p>Returns the composable predicate of the PCM</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">composable</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">composable</span> <span class="pl-en">x</span> <span class="pl-en">y</span></pre></div>
+<h4>
+<a id="user-content-op" class="anchor" href="#op" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>op</h4>
+<p>Calls the operation of the PCM</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">op</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">op</span> <span class="pl-en">x</span> <span class="pl-en">y</span></pre></div>
+<h4>
+<a id="user-content-compatible" class="anchor" href="#compatible" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>compatible</h4>
+<p>Two elements <code>x</code> and <code>y</code> are compatible with respect to a PCM if their substraction
+is well-defined, e.g. if there exists an element <code>frame</code> such that <code>x * z = y</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">compatible</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pcm</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">frame</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span>
+    <span class="pl-en">composable</span> <span class="pl-en">pcm</span> <span class="pl-en">x</span> <span class="pl-en">frame</span> <span class="pl-c1">/\</span> <span class="pl-en">op</span> <span class="pl-en">pcm</span> <span class="pl-en">frame</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span>
+  <span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-compatible_refl" class="anchor" href="#compatible_refl" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>compatible_refl</h4>
+<p>Compatibility is reflexive</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">compatible_refl</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pcm</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">compatible</span> <span class="pl-en">pcm</span> <span class="pl-en">x</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span>
+  <span class="pl-en">pcm</span><span class="pl-c1">.</span><span class="pl-en">is_unit</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+  <span class="pl-en">pcm</span><span class="pl-c1">.</span><span class="pl-en">comm</span> <span class="pl-en">x</span> <span class="pl-en">pcm</span><span class="pl-c1">.</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">one</span><span class="pl-c1">;</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">pcm</span> <span class="pl-en">pcm</span><span class="pl-c1">.</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">one</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-compatible_trans" class="anchor" href="#compatible_trans" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>compatible_trans</h4>
+<p>Compatibility is transitive</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">compatible_trans</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pcm</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">compatible</span> <span class="pl-en">pcm</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">/\</span> <span class="pl-en">compatible</span> <span class="pl-en">pcm</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">))</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">compatible</span> <span class="pl-en">pcm</span> <span class="pl-en">x</span> <span class="pl-en">z</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Classical.</span><span class="pl-en">forall_intro_3</span> <span class="pl-en">pcm</span><span class="pl-c1">.</span><span class="pl-en">assoc</span></pre></div>
+<h4>
+<a id="user-content-compatible_elim" class="anchor" href="#compatible_elim" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>compatible_elim</h4>
+<p>Helper function to get access to the existentially quantified frame between two compatible
+elements</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">compatible_elim</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pcm</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">goal</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">lemma</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">frame</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">composable</span> <span class="pl-en">pcm</span> <span class="pl-en">x</span> <span class="pl-en">frame</span> <span class="pl-c1">/\</span> <span class="pl-en">op</span> <span class="pl-en">pcm</span> <span class="pl-en">frame</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">})</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">goal</span><span class="pl-c1">)</span>
+  <span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">compatible</span> <span class="pl-en">pcm</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">goal</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span>
+  <span class="pl-smi">Classical.</span><span class="pl-en">exists_elim</span>
+    <span class="pl-en">goal</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#(</span><span class="pl-k">fun</span> <span class="pl-en">frame</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">composable</span> <span class="pl-en">pcm</span> <span class="pl-en">x</span> <span class="pl-en">frame</span> <span class="pl-c1">/\</span> <span class="pl-en">op</span> <span class="pl-en">pcm</span> <span class="pl-en">frame</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">()</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">frame</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lemma</span> <span class="pl-en">frame</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">compatible_intro</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pcm</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">frame</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">composable</span> <span class="pl-en">pcm</span> <span class="pl-en">x</span> <span class="pl-en">frame</span> <span class="pl-c1">/\</span> <span class="pl-en">op</span> <span class="pl-en">pcm</span> <span class="pl-en">frame</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">compatible</span> <span class="pl-en">pcm</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-joinable" class="anchor" href="#joinable" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>joinable</h4>
+<p>Two elements are joinable when they can evolve to a common point.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">joinable</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span>
+  <span class="pl-k">exists</span> <span class="pl-en">z</span><span class="pl-c1">.</span> <span class="pl-en">compatible</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">z</span> <span class="pl-c1">/\</span> <span class="pl-en">compatible</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">z</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">frame_compatible</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">FStar.Ghost.</span><span class="pl-en">erased</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">frame</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">frame</span><span class="pl-c1">)}</span>
+            <span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">frame</span> <span class="pl-c1">/\</span>
+            <span class="pl-en">v</span> <span class="pl-c1">==</span> <span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">frame</span> <span class="pl-c1">==&gt;</span>
+            <span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">frame</span> <span class="pl-c1">/\</span>
+            <span class="pl-en">v</span> <span class="pl-c1">==</span> <span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">frame</span><span class="pl-c1">)</span></pre></div>
+<ul>
+<li>Frame preserving updates from x to y</li>
+<li>
+<ul>
+<li>should preserve all frames,</li>
+</ul>
+</li>
+<li>
+<ul>
+<li>and a frame containing rest of the PCM value should continue to do so</li>
+</ul>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">frame_preserving_upd</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span>
+    <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">refine</span> <span class="pl-en">v</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">compatible</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">v</span>
+  <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">v_new</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span>
+    <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">refine</span> <span class="pl-en">v_new</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">compatible</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">v_new</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">frame</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">frame</span><span class="pl-c1">}).{:pattern</span> <span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">frame</span><span class="pl-c1">}</span>
+       <span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">frame</span> <span class="pl-c1">/\</span>
+       <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">frame</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">frame</span> <span class="pl-c1">==</span> <span class="pl-en">v_new</span><span class="pl-c1">))}</span></pre></div>
+<ul>
+<li>A specific case of frame preserving updates when y is a refined value</li>
+<li>
+</li>
+<li>All the frames of x should compose with--and the composition should result in--y</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">frame_preserving</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pcm</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">frame</span><span class="pl-c1">.</span> <span class="pl-en">composable</span> <span class="pl-en">pcm</span> <span class="pl-en">frame</span> <span class="pl-en">x</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">composable</span> <span class="pl-en">pcm</span> <span class="pl-en">frame</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">frame</span><span class="pl-c1">.{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">composable</span> <span class="pl-en">pcm</span> <span class="pl-en">frame</span> <span class="pl-en">x</span><span class="pl-c1">)}</span> <span class="pl-en">composable</span> <span class="pl-en">pcm</span> <span class="pl-en">frame</span> <span class="pl-en">x</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">op</span> <span class="pl-en">pcm</span> <span class="pl-en">frame</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<ul>
+<li>As expected, given frame_preserving, we can construct a frame_preserving_update</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">frame_preserving_val_to_fp_upd</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-c1">Ghost</span><span class="pl-c1">.</span><span class="pl-en">erased</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">frame_preserving</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">v</span> <span class="pl-c1">/\</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">refine</span> <span class="pl-en">v</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-en">frame_preserving_upd</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">v</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Classical.</span><span class="pl-en">forall_intro</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">comm</span> <span class="pl-en">v</span><span class="pl-c1">);</span>
+    <span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span></pre></div>
+<h4>
+<a id="user-content-exclusive" class="anchor" href="#exclusive" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>exclusive</h4>
+<p>The PCM <code>p</code> is exclusive to element <code>x</code> if the only element composable with <code>x</code> is <code>p.one</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">exclusive</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">frame</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">frame</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">frame</span> <span class="pl-c1">==</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">one</span></pre></div>
+<h4>
+<a id="user-content-exclusive_is_frame_preserving" class="anchor" href="#exclusive_is_frame_preserving" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>exclusive_is_frame_preserving</h4>
+<p>A mutation from <code>x</code> to <code>p.one</code> is frame preserving if <code>p</code> is exclusive to <code>x</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">exclusive_is_frame_preserving</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">exclusive</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">frame_preserving</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">one</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">is_unit</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">is_unit</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">one</span></pre></div>
+<p>Some sanity checks on the definition of frame preserving updates</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">no_op_is_frame_preserving</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">frame_preserving_upd</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">x</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">v</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">compose_frame_preserving_updates</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">frame_preserving_upd</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">g</span><span class="pl-c1">:</span><span class="pl-en">frame_preserving_upd</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">frame_preserving_upd</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">z</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">v</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">g</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">v</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">frame_preserving_subframe</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pcm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">subframe</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">subframe</span> <span class="pl-c1">/\</span> <span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">subframe</span><span class="pl-c1">})</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">frame_preserving_upd</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">frame_preserving_upd</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">subframe</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">subframe</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">v</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">compatible_elim</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">subframe</span><span class="pl-c1">)</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">compatible</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">frame</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">comm</span> <span class="pl-en">x</span> <span class="pl-en">subframe</span><span class="pl-c1">;</span>
+      <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">assoc</span> <span class="pl-en">frame</span> <span class="pl-en">subframe</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+    <span class="pl-k">let</span> <span class="pl-en">w</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">v</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">aux</span> <span class="pl-c1">(</span><span class="pl-en">frame</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">subframe</span><span class="pl-c1">)</span> <span class="pl-en">frame</span><span class="pl-c1">}):</span>
+      <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">subframe</span><span class="pl-c1">)</span> <span class="pl-en">frame</span> <span class="pl-c1">/\</span>
+             <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">subframe</span><span class="pl-c1">)</span> <span class="pl-en">frame</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">subframe</span><span class="pl-c1">)</span> <span class="pl-en">frame</span> <span class="pl-c1">==</span> <span class="pl-en">w</span><span class="pl-c1">))</span>
+             <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">subframe</span><span class="pl-c1">)</span> <span class="pl-en">frame</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">=</span> <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">assoc_r</span> <span class="pl-en">x</span> <span class="pl-en">subframe</span> <span class="pl-en">frame</span><span class="pl-c1">;</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">subframe</span> <span class="pl-en">frame</span><span class="pl-c1">));</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">composable</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">subframe</span> <span class="pl-en">frame</span><span class="pl-c1">));</span>
+      <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">assoc</span> <span class="pl-en">y</span> <span class="pl-en">subframe</span> <span class="pl-en">frame</span>
+    <span class="pl-k">in</span>
+    <span class="pl-en">compatible_elim</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">subframe</span><span class="pl-c1">)</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">compatible</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">subframe</span><span class="pl-c1">)</span> <span class="pl-en">w</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">frame</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">aux</span> <span class="pl-en">frame</span><span class="pl-c1">;</span>
+      <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">comm</span> <span class="pl-en">frame</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-en">subframe</span><span class="pl-c1">);</span>
+      <span class="pl-en">p</span><span class="pl-c1">.</span><span class="pl-en">comm</span> <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">p</span> <span class="pl-en">y</span> <span class="pl-en">subframe</span><span class="pl-c1">)</span> <span class="pl-en">frame</span><span class="pl-c1">);</span>
+    <span class="pl-en">w</span></pre></div>
+
+</body>
+</html>
diff --git a/docs/FStar.Pervasives.Native.html b/docs/FStar.Pervasives.Native.html
index 3b7ea5b..e837d30 100644
--- a/docs/FStar.Pervasives.Native.html
+++ b/docs/FStar.Pervasives.Native.html
@@ -1,16 +1,159 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Pervasives.Native</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.pervasives.native">module FStar.Pervasives.Native</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarpervasivesnative" class="anchor" href="#fstarpervasivesnative" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Pervasives.Native</h1>
+<p>This is a file from the core library, dependencies must be explicit</p>
+<ul>
+<li>Opens module <a href="Prims.html">Prims</a>
+</li>
+</ul>
+<blockquote>
+<p>This module is implicitly opened in the scope of all other modules.</p>
+<p>It provides several basic types in F* that enjoy some special
+status in extraction. For instance, the tuple type below is
+compiled to OCaml's tuple type, rather than to a F*-defined
+inductive type. See ulib/ml/FStar_Pervasives_Native.ml</p>
+</blockquote>
+<h4>
+<a id="user-content-option" class="anchor" href="#option" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>option</h4>
+<p><code>option a</code> represents either  <code>Some a</code>-value or a non-informative <code>None</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-c1">:</span> <span class="pl-en">v</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">option</span> <span class="pl-en">a</span></pre></div>
+<h2>
+<a id="user-content-tuples" class="anchor" href="#tuples" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Tuples</h2>
+<blockquote>
+<p>Aside from special support in extraction, the tuple types have
+special syntax in F*.</p>
+<p>For instance, rather than <code>tupleN a1 ... aN</code>,
+we usually write <code>a1 &amp; ... &amp; aN</code> or <code>a1 * ... * aN</code>.</p>
+<p>The latter notation is more common for those coming to F* from
+OCaml or F#. However, the <code>*</code> also clashes with the multiplication
+operator on integers define in FStar.Mul. For this reason, we now
+prefer to use the <code>&amp;</code> notation, though there are still many uses
+of <code>*</code> remaining.</p>
+<p>Tuple values are introduced using as <code>a1, ..., an</code>, rather than
+<code>MktupleN a1 ... aN</code>.</p>
+<p>We define tuples up to a fixed arity of 14. We have considered
+splitting this module into 14 different modules, one for each
+tuple type rather than eagerly including 14-tuples in the
+dependence graph of all programs.</p>
+</blockquote>
+<h4>
+<a id="user-content-tuple2" class="anchor" href="#tuple2" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tuple2</h4>
+<p>Pairs: <code>tuple2 a b</code> is can be written either as <code>a * b</code>, for
+notation compatible with OCaml's. Or, better, as <code>a &amp; b</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">tuple2</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-c1">=</span> <span class="pl-c1">|</span> <span class="pl-c1">Mktuple2</span> <span class="pl-c1">:</span> <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tuple2</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span></pre></div>
+<h4>
+<a id="user-content-fst" class="anchor" href="#fst" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>fst</h4>
+<p>The fst and snd projections on pairs are very common</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">tuple2</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">=</span> <span class="pl-c1">Mktuple2</span><span class="pl-c1">?.</span><span class="pl-en">_1</span> <span class="pl-en">x</span>
+<span class="pl-k">let</span> <span class="pl-en">snd</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">tuple2</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">=</span> <span class="pl-c1">Mktuple2</span><span class="pl-c1">?.</span><span class="pl-en">_2</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">tuple3</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-c1">=</span> <span class="pl-c1">|</span> <span class="pl-c1">Mktuple3</span> <span class="pl-c1">:</span> <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tuple3</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">tuple4</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-c1">=</span> <span class="pl-c1">|</span> <span class="pl-c1">Mktuple4</span> <span class="pl-c1">:</span> <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_4</span><span class="pl-c1">:</span> <span class="pl-smi">'d</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tuple4</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">tuple5</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mktuple5</span> <span class="pl-c1">:</span> <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_4</span><span class="pl-c1">:</span> <span class="pl-smi">'d</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_5</span><span class="pl-c1">:</span> <span class="pl-smi">'e</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tuple5</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">tuple6</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mktuple6</span> <span class="pl-c1">:</span> <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_4</span><span class="pl-c1">:</span> <span class="pl-smi">'d</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_5</span><span class="pl-c1">:</span> <span class="pl-smi">'e</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_6</span><span class="pl-c1">:</span> <span class="pl-smi">'f</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tuple6</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">tuple7</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mktuple7</span> <span class="pl-c1">:</span> <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_4</span><span class="pl-c1">:</span> <span class="pl-smi">'d</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_5</span><span class="pl-c1">:</span> <span class="pl-smi">'e</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_6</span><span class="pl-c1">:</span> <span class="pl-smi">'f</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_7</span><span class="pl-c1">:</span> <span class="pl-smi">'g</span>
+    <span class="pl-c1">-&gt;</span> <span class="pl-en">tuple7</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">tuple8</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mktuple8</span> <span class="pl-c1">:</span> <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_4</span><span class="pl-c1">:</span> <span class="pl-smi">'d</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_5</span><span class="pl-c1">:</span> <span class="pl-smi">'e</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_6</span><span class="pl-c1">:</span> <span class="pl-smi">'f</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_7</span><span class="pl-c1">:</span> <span class="pl-smi">'g</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_8</span><span class="pl-c1">:</span> <span class="pl-smi">'h</span>
+    <span class="pl-c1">-&gt;</span> <span class="pl-en">tuple8</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">tuple9</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span> <span class="pl-smi">'i</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mktuple9</span> <span class="pl-c1">:</span>
+      <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_4</span><span class="pl-c1">:</span> <span class="pl-smi">'d</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_5</span><span class="pl-c1">:</span> <span class="pl-smi">'e</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_6</span><span class="pl-c1">:</span> <span class="pl-smi">'f</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_7</span><span class="pl-c1">:</span> <span class="pl-smi">'g</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_8</span><span class="pl-c1">:</span> <span class="pl-smi">'h</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_9</span><span class="pl-c1">:</span> <span class="pl-smi">'i</span>
+    <span class="pl-c1">-&gt;</span> <span class="pl-en">tuple9</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span> <span class="pl-smi">'i</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">tuple10</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span> <span class="pl-smi">'i</span> <span class="pl-smi">'j</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mktuple10</span> <span class="pl-c1">:</span>
+      <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_4</span><span class="pl-c1">:</span> <span class="pl-smi">'d</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_5</span><span class="pl-c1">:</span> <span class="pl-smi">'e</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_6</span><span class="pl-c1">:</span> <span class="pl-smi">'f</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_7</span><span class="pl-c1">:</span> <span class="pl-smi">'g</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_8</span><span class="pl-c1">:</span> <span class="pl-smi">'h</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_9</span><span class="pl-c1">:</span> <span class="pl-smi">'i</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_10</span><span class="pl-c1">:</span> <span class="pl-smi">'j</span>
+    <span class="pl-c1">-&gt;</span> <span class="pl-en">tuple10</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span> <span class="pl-smi">'i</span> <span class="pl-smi">'j</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">tuple11</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span> <span class="pl-smi">'i</span> <span class="pl-smi">'j</span> <span class="pl-smi">'k</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mktuple11</span> <span class="pl-c1">:</span>
+      <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_4</span><span class="pl-c1">:</span> <span class="pl-smi">'d</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_5</span><span class="pl-c1">:</span> <span class="pl-smi">'e</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_6</span><span class="pl-c1">:</span> <span class="pl-smi">'f</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_7</span><span class="pl-c1">:</span> <span class="pl-smi">'g</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_8</span><span class="pl-c1">:</span> <span class="pl-smi">'h</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_9</span><span class="pl-c1">:</span> <span class="pl-smi">'i</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_10</span><span class="pl-c1">:</span> <span class="pl-smi">'j</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_11</span><span class="pl-c1">:</span> <span class="pl-smi">'k</span>
+    <span class="pl-c1">-&gt;</span> <span class="pl-en">tuple11</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span> <span class="pl-smi">'i</span> <span class="pl-smi">'j</span> <span class="pl-smi">'k</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">tuple12</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span> <span class="pl-smi">'i</span> <span class="pl-smi">'j</span> <span class="pl-smi">'k</span> <span class="pl-smi">'l</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mktuple12</span> <span class="pl-c1">:</span>
+      <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_4</span><span class="pl-c1">:</span> <span class="pl-smi">'d</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_5</span><span class="pl-c1">:</span> <span class="pl-smi">'e</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_6</span><span class="pl-c1">:</span> <span class="pl-smi">'f</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_7</span><span class="pl-c1">:</span> <span class="pl-smi">'g</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_8</span><span class="pl-c1">:</span> <span class="pl-smi">'h</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_9</span><span class="pl-c1">:</span> <span class="pl-smi">'i</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_10</span><span class="pl-c1">:</span> <span class="pl-smi">'j</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_11</span><span class="pl-c1">:</span> <span class="pl-smi">'k</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_12</span><span class="pl-c1">:</span> <span class="pl-smi">'l</span>
+    <span class="pl-c1">-&gt;</span> <span class="pl-en">tuple12</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span> <span class="pl-smi">'i</span> <span class="pl-smi">'j</span> <span class="pl-smi">'k</span> <span class="pl-smi">'l</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">tuple13</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span> <span class="pl-smi">'i</span> <span class="pl-smi">'j</span> <span class="pl-smi">'k</span> <span class="pl-smi">'l</span> <span class="pl-smi">'m</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mktuple13</span> <span class="pl-c1">:</span>
+      <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_4</span><span class="pl-c1">:</span> <span class="pl-smi">'d</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_5</span><span class="pl-c1">:</span> <span class="pl-smi">'e</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_6</span><span class="pl-c1">:</span> <span class="pl-smi">'f</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_7</span><span class="pl-c1">:</span> <span class="pl-smi">'g</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_8</span><span class="pl-c1">:</span> <span class="pl-smi">'h</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_9</span><span class="pl-c1">:</span> <span class="pl-smi">'i</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_10</span><span class="pl-c1">:</span> <span class="pl-smi">'j</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_11</span><span class="pl-c1">:</span> <span class="pl-smi">'k</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_12</span><span class="pl-c1">:</span> <span class="pl-smi">'l</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_13</span><span class="pl-c1">:</span> <span class="pl-smi">'m</span>
+    <span class="pl-c1">-&gt;</span> <span class="pl-en">tuple13</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span> <span class="pl-smi">'i</span> <span class="pl-smi">'j</span> <span class="pl-smi">'k</span> <span class="pl-smi">'l</span> <span class="pl-smi">'m</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">tuple14</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span> <span class="pl-smi">'i</span> <span class="pl-smi">'j</span> <span class="pl-smi">'k</span> <span class="pl-smi">'l</span> <span class="pl-smi">'m</span> <span class="pl-smi">'n</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mktuple14</span> <span class="pl-c1">:</span>
+      <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_4</span><span class="pl-c1">:</span> <span class="pl-smi">'d</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_5</span><span class="pl-c1">:</span> <span class="pl-smi">'e</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_6</span><span class="pl-c1">:</span> <span class="pl-smi">'f</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_7</span><span class="pl-c1">:</span> <span class="pl-smi">'g</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_8</span><span class="pl-c1">:</span> <span class="pl-smi">'h</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_9</span><span class="pl-c1">:</span> <span class="pl-smi">'i</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_10</span><span class="pl-c1">:</span> <span class="pl-smi">'j</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_11</span><span class="pl-c1">:</span> <span class="pl-smi">'k</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_12</span><span class="pl-c1">:</span> <span class="pl-smi">'l</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_13</span><span class="pl-c1">:</span> <span class="pl-smi">'m</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">_14</span><span class="pl-c1">:</span> <span class="pl-smi">'n</span>
+    <span class="pl-c1">-&gt;</span> <span class="pl-en">tuple14</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-smi">'c</span> <span class="pl-smi">'d</span> <span class="pl-smi">'e</span> <span class="pl-smi">'f</span> <span class="pl-smi">'g</span> <span class="pl-smi">'h</span> <span class="pl-smi">'i</span> <span class="pl-smi">'j</span> <span class="pl-smi">'k</span> <span class="pl-smi">'l</span> <span class="pl-smi">'m</span> <span class="pl-smi">'n</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Pervasives.html b/docs/FStar.Pervasives.html
index ddac107..edbdc42 100644
--- a/docs/FStar.Pervasives.html
+++ b/docs/FStar.Pervasives.html
@@ -1,123 +1,1034 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Pervasives</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.pervasives">module FStar.Pervasives</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((expect_failure (errs:list <span class="dt">int</span>)):<span class="dt">unit</span>):()</code></pre></div>
-<p>When attached a top-level definition, the typechecker will succeed * if and only if checking the definition results in an error. The * error number list is actually OPTIONAL. If present, it will be * checked that the definition raises exactly those errors in the * specified multiplicity, but order does not matter.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((expect_lax_failure (errs:list <span class="dt">int</span>)):<span class="dt">unit</span>):()</code></pre></div>
-<p>When --lax is present, we the previous attribute since some definitions * only fail when verification is turned on. With this attribute, one can ensure * that a definition fails while lax-checking too. Same semantics as above, * but lax mode will be turned on for the definition.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (tcdecltime:<span class="dt">unit</span>):()</code></pre></div>
-<p>Print the time it took to typecheck a top-level definition</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (assume_strictly_positive:<span class="dt">unit</span>):()</code></pre></div>
-<ul>
-<li><strong>THIS ATTRIBUTE IS AN ESCAPE HATCH AND CAN BREAK SOUNDNESS</strong></li>
-<li><strong>USE WITH CARE</strong></li>
-<li>The positivity check for inductive types stops at abstraction</li>
-<li>boundaries. This results in spurious errors about positivity,</li>
-<li>e.g., when defining types like <code>type t = ref (option t)</code></li>
-<li>By adding this attribute to a declaration of a top-level name</li>
-<li>positivity checks on applications of that name are admitted.</li>
-<li>See, for instance, FStar.Monotonic.Heap.mref</li>
-<li>We plan to decorate binders of abstract types with polarities</li>
-<li>to allow us to check positivity across abstraction boundaries</li>
-<li>and will eventually remove this attribute.</li>
-</ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (unifier_hint_injective:<span class="dt">unit</span>):()</code></pre></div>
+<h1>
+<a id="user-content-fstarpervasives" class="anchor" href="#fstarpervasives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Pervasives</h1>
+<p>This is a file from the core library, dependencies must be explicit</p>
 <ul>
-<li>This attribute is to be used as a hint for the unifier.</li>
-<li>A function-typed symbol <code>t</code> marked with this attribute</li>
-<li>will be treated as being injective in all its arguments</li>
-<li>by the unifier.</li>
-<li>That is, given a problem <code>t a1..an =?= t b1..bn</code></li>
-<li>the unifier will solve it by proving <code>ai =?= bi</code> for</li>
-<li>all <code>i</code>, without trying to unfold the definition of <code>t</code>.</li>
-<li></li>
+<li>Opens module <a href="Prims.html">Prims</a>
+</li>
+<li>Includes module <a href="FStar.Pervasives.Native.html">FStar.Pervasives.Native</a>
+</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((strict_on_arguments (x:list <span class="dt">int</span>)):<span class="dt">unit</span>):()</code></pre></div>
+<blockquote>
+<p>This module is implicitly opened in the scope of all other
+modules.</p>
+<p>It provides several basic definitions in F* that are common to
+most programs. Broadly, these include:</p>
 <ul>
-<li>This attribute is used to control the evaluation order</li>
-<li>and unfolding strategy for certain definitions.</li>
-<li></li>
-<li>In particular, given</li>
-<li>[@(strict_on_arguments [1;2])]</li>
-<li>let f x0 (x1:list x0) (x1:option x0) = e</li>
-<li></li>
-<li>An application <code>f e0 e1 e2</code> is reduced by the normalizer by:</li>
-<li><ol style="list-style-type: decimal">
-<li>evaluating e0 ~&gt;* v0, e1 ~&gt;* v1, e2 ~&gt;* v2</li>
-</ol></li>
-<li></li>
-<li>2 a.</li>
-<li><pre><code>If, according to the positional arguments [1;2], </code></pre></li>
-<li><pre><code>if v1 and v2 have constant head symbols </code></pre></li>
-<li><pre><code>       (e.g., v1 = Cons _ _ _, and v2 = None _)</code></pre></li>
-<li><pre><code>then `f` is unfolded to `e` and reduced as</code></pre></li>
-<li><pre><code>  e[v0/x0][v1/x1][v2/x2]</code></pre></li>
-<li></li>
-<li>2 b.</li>
-<li></li>
-<li>Otherwise, <code>f</code> is not unfolded and the term is <code>f e0 e1 e2</code></li>
-<li>reduces to <code>f v0 v1 v2</code>.</li>
-<li></li>
+<li>
+<p>Utility types and functions, like <a href="#id"><code>id</code></a>, <a href="#either"><code>either</code></a>, dependent
+tuples, etc.</p>
+</li>
+<li>
+<p>Utility effect definitions, including <a href="#DIV"><code>DIV</code></a> for divergence,
+<a href="#EXN"><code>EXN</code></a> of exceptions, <a href="#STATE_h"><code>STATE_h</code></a> a template for state, and (the
+poorly named) <a href="#ALL_h"><code>ALL_h</code></a> which combines them all.</p>
+</li>
+<li>
+<p>Some utilities to control proofs, e.g., inversion of inductive
+type definitions.</p>
+</li>
+<li>
+<p>Built-in attributes that can be used to decorate definitions and
+trigger various kinds of special treatments for those
+definitions.</p>
+</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (erasable:<span class="dt">unit</span>):()</code></pre></div>
+</blockquote>
+<h4>
+<a id="user-content-remove_unused_type_parameters" class="anchor" href="#remove_unused_type_parameters" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>remove_unused_type_parameters</h4>
+<p><a href="#remove_unused_type_parameters"><code>remove_unused_type_parameters</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">remove_unused_type_parameters</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">unit</span></pre></div>
+<p>This attribute is used to decorate signatures in interfaces for
+type abbreviations, indicating that the 0-based positional
+parameters are unused in the definition and should be eliminated
+for extraction.</p>
+<p>This is important particularly for use with F# extraction, since
+F# does not accept type abbreviations with unused type parameters.</p>
+<p>See tests/bug-reports/RemoveUnusedTyparsIFace.A.fsti</p>
+<h4>
+<a id="user-content-pattern" class="anchor" href="#pattern" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pattern</h4>
+<p>Values of type <a href="#pattern"><code>pattern</code></a> are used to tag <a href="#Lemma"><code>Lemma</code></a>s with SMT
+quantifier triggers</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">pattern</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-smt_pat" class="anchor" href="#smt_pat" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>smt_pat</h4>
+<p>The concrete syntax <code>SMTPat</code> desugars to <a href="#smt_pat"><code>smt_pat</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">smt_pat</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">pattern</span></pre></div>
+<h4>
+<a id="user-content-smt_pat_or" class="anchor" href="#smt_pat_or" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>smt_pat_or</h4>
+<p>The concrete syntax <code>SMTPatOr</code> desugars to <a href="#smt_pat_or"><code>smt_pat_or</code></a>. This is
+used to represent a disjunction of conjunctions of patterns.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">smt_pat_or</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">pattern</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">pattern</span></pre></div>
+<p>Note, the typing discipline and syntax of patterns is laxer than
+it should be. Patterns like <code>SMTPatOr </code>SMTPatOr `...``` are
+expressible, but unsupported by F*</p>
+<p>TODO: We should tighten this up, perhaps just reusing the
+attribute mechanism for patterns.</p>
+<h4>
+<a id="user-content-lemma" class="anchor" href="#lemma" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Lemma</h4>
+<p><a href="#Lemma"><code>Lemma</code></a> is a very widely used effect abbreviation.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">pre</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">pats</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">pattern</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">Pure</span> <span class="pl-en">a</span> <span class="pl-en">pre</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">post</span> <span class="pl-c1">())</span></pre></div>
+<p>It stands for a unit-returning <code>Ghost</code> computation, whose main
+value is its logical payload in proving an implication between its
+pre- and postcondition.</p>
+<p><a href="#Lemma"><code>Lemma</code></a> is desugared specially. The valid forms are:</p>
+<p>Lemma (ensures post)
+Lemma post <code>SMTPat ...</code>
+Lemma (ensures post) <code>SMTPat ...</code>
+Lemma (ensures post) (decreases d)
+Lemma (ensures post) (decreases d) <code>SMTPat ...</code>
+Lemma (requires pre) (ensures post) (decreases d)
+Lemma (requires pre) (ensures post) <code>SMTPat ...</code>
+Lemma (requires pre) (ensures post) (decreases d) <code>SMTPat ...</code></p>
+<p>and</p>
+<p>Lemma post    (== Lemma (ensures post))</p>
+<p>the squash argument on the postcondition allows to assume the
+precondition for the <em>well-formedness</em> of the postcondition.</p>
+<h4>
+<a id="user-content-spinoff" class="anchor" href="#spinoff" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>spinoff</h4>
+<p>In the default mode of operation, all proofs in a verification
+condition are bundled into a single SMT query. Sub-terms marked
+with the <a href="#spinoff"><code>spinoff</code></a> below are the exception: each of them is
+spawned off into a separate SMT query</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">spinoff</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<h4>
+<a id="user-content-assert_spinoff" class="anchor" href="#assert_spinoff" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>assert_spinoff</h4>
+<p>Logically equivalent to assert, but spins off separate query</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">assert_spinoff</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">spinoff</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">p</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-id" class="anchor" href="#id" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>id</h4>
+<p>The polymorphic identity function</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">id</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-trivial_pure_post" class="anchor" href="#trivial_pure_post" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>trivial_pure_post</h4>
+<p>Trivial postconditions for the <code>PURE</code> effect</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">trivial_pure_post</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span> <span class="pl-en">pure_post</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span></pre></div>
+<h4>
+<a id="user-content-ambient" class="anchor" href="#ambient" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ambient</h4>
+<p>Sometimes it is convenient to explicit introduce nullary symbols
+into the ambient context, so that SMT can appeal to their definitions
+even when they are no mentioned explicitly in the program, e.g., when
+needed for triggers.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">remove_unused_type_parameters</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">;</span> <span class="pl-c1">1</span><span class="pl-c1">;]]</span>
+<span class="pl-k">val</span> <span class="pl-en">ambient</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<p>Use <code>intro_ambient t</code> for that.
+See, e.g., LowStar.Monotonic.Buffer.fst and its usage there for loc_none</p>
+<h4>
+<a id="user-content-intro_ambient" class="anchor" href="#intro_ambient" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>intro_ambient</h4>
+<p>cf. <a href="#ambient"><code>ambient</code></a>, above</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">intro_ambient</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">ambient</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<blockquote>
+<p>Controlling normalization</p>
+</blockquote>
+<h4>
+<a id="user-content-normalize_term" class="anchor" href="#normalize_term" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>normalize_term</h4>
+<p>In any invocation of the F* normalizer, every occurrence of
+<code>normalize_term e</code> is reduced to the full normal for of <code>e</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">normalize_term</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span></pre></div>
+<h4>
+<a id="user-content-normalize" class="anchor" href="#normalize" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>normalize</h4>
+<p>In any invocation of the F* normalizer, every occurrence of
+<code>normalize e</code> is reduced to the full normal for of <code>e</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">normalize</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<h4>
+<a id="user-content-norm_step" class="anchor" href="#norm_step" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>norm_step</h4>
+<p>Value of <a href="#norm_step"><code>norm_step</code></a> are used to enable specific normalization
+steps, controlling how the normalizer reduces terms.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">norm_step</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<h4>
+<a id="user-content-simplify" class="anchor" href="#simplify" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>simplify</h4>
+<p>Logical simplification, e.g., <code>P /\ True ~&gt; P</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">simplify</span> <span class="pl-c1">:</span> <span class="pl-en">norm_step</span></pre></div>
+<h4>
+<a id="user-content-weak" class="anchor" href="#weak" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>weak</h4>
+<p>Weak reduction: Do not reduce under binders</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">weak</span> <span class="pl-c1">:</span> <span class="pl-en">norm_step</span></pre></div>
+<h4>
+<a id="user-content-hnf" class="anchor" href="#hnf" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>hnf</h4>
+<p>Head normal form</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">hnf</span> <span class="pl-c1">:</span> <span class="pl-en">norm_step</span></pre></div>
+<h4>
+<a id="user-content-primops" class="anchor" href="#primops" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>primops</h4>
+<p>Reduce primitive operators, e.g., <code>1 + 1 ~&gt; 2</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">primops</span> <span class="pl-c1">:</span> <span class="pl-en">norm_step</span></pre></div>
+<h4>
+<a id="user-content-delta" class="anchor" href="#delta" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>delta</h4>
+<p>Unfold all non-recursive definitions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">delta</span> <span class="pl-c1">:</span> <span class="pl-en">norm_step</span></pre></div>
+<h4>
+<a id="user-content-zeta" class="anchor" href="#zeta" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>zeta</h4>
+<p>Unroll recursive calls</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zeta</span> <span class="pl-c1">:</span> <span class="pl-en">norm_step</span></pre></div>
+<p>Note: Since F*'s termination check is semantic rather than
+syntactically structural, recursive calls in inconsistent contexts,
+or recursive evaluation of open terms can diverge.</p>
+<p>When asking for the <a href="#zeta"><code>zeta</code></a> step, F* implements a heuristic to
+disable <a href="#zeta"><code>zeta</code></a> when reducing terms beneath a blocked match. This
+helps prevent some trivial looping behavior. However, it also
+means that with <a href="#zeta"><code>zeta</code></a> alone, your term may not reduce as much as
+you might want. See <a href="#zeta_full"><code>zeta_full</code></a> for that.</p>
+<h4>
+<a id="user-content-zeta_full" class="anchor" href="#zeta_full" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>zeta_full</h4>
+<p>Unroll recursive calls</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zeta_full</span> <span class="pl-c1">:</span> <span class="pl-en">norm_step</span></pre></div>
+<p>Unlike <a href="#zeta"><code>zeta</code></a>, <a href="#zeta_full"><code>zeta_full</code></a> has no looping prevention
+heuristics. F* will try to unroll recursive functions as much as
+it can, potentially looping. Use with care.</p>
+<p>Note, <a href="#zeta_full"><code>zeta_full</code></a> implies <a href="#zeta"><code>zeta</code></a>.
+See <code>tests/micro-benchmarks/ReduceRecUnderMatch.fst</code> for an example.</p>
+<h4>
+<a id="user-content-iota" class="anchor" href="#iota" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>iota</h4>
+<p>Reduce case analysis (i.e., match)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">iota</span> <span class="pl-c1">:</span> <span class="pl-en">norm_step</span></pre></div>
+<h4>
+<a id="user-content-nbe" class="anchor" href="#nbe" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>nbe</h4>
+<p>Use normalization-by-evaluation, instead of interpretation (experimental)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">nbe</span> <span class="pl-c1">:</span> <span class="pl-en">norm_step</span></pre></div>
+<h4>
+<a id="user-content-reify_" class="anchor" href="#reify_" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>reify_</h4>
+<p>Reify effectful definitions into their representations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reify_</span> <span class="pl-c1">:</span> <span class="pl-en">norm_step</span></pre></div>
+<h4>
+<a id="user-content-delta_only" class="anchor" href="#delta_only" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>delta_only</h4>
+<p>Unlike <a href="#delta"><code>delta</code></a>, unfold definitions for only the names in the given
+list. Each string is a fully qualified name like <code>A.M.f</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">delta_only</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">string)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">norm_step</span></pre></div>
+<h4>
+<a id="user-content-delta_fully" class="anchor" href="#delta_fully" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>delta_fully</h4>
+<p>Unfold definitions for only the names in the given list, but
+unfold each definition encountered after unfolding as well.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">delta_fully</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">string)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">norm_step</span></pre></div>
+<p>For example, given</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">f0</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span>
+<span class="pl-k">let</span> <span class="pl-en">f1</span> <span class="pl-c1">=</span> <span class="pl-en">f0</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span></pre></div>
+<p><code>norm </code>delta_only <code>%f1</code> f1<code>will reduce to</code>f0 + 1<code>. </code>norm <code>delta_fully ``%f1`` f1</code> will reduce to <code>0 + 1</code>.</p>
+<p>Each string is a fully qualified name like <code>A.M.f</code>, typically
+constructed using a quotation, as in the example above.</p>
+<h4>
+<a id="user-content-delta_attr" class="anchor" href="#delta_attr" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>delta_attr</h4>
+<p>Rather than mention a symbol to unfold by name, it can be
+convenient to tag a collection of related symbols with a common
+attribute and then to ask the normalizer to reduce them all.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">delta_attr</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">string)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">norm_step</span></pre></div>
+<p>For example, given:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">irreducible</span> <span class="pl-k">let</span> <span class="pl-en">my_attr</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span>
+
+<span class="pl-c1">`</span>@@<span class="pl-en">my_attr</span><span class="pl-c1">`</span>
+<span class="pl-k">let</span> <span class="pl-en">f0</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span>
+
+<span class="pl-c1">`</span>@@<span class="pl-en">my_attr</span><span class="pl-c1">`</span>
+<span class="pl-k">let</span> <span class="pl-en">f1</span> <span class="pl-c1">=</span> <span class="pl-en">f0</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span></pre></div>
+<p><code>FStarnorm [delta_attr [`%my_attr]] f1</code></p>
+<p>will reduce to <code>0 + 1</code>.</p>
+<h4>
+<a id="user-content-delta_qualifier" class="anchor" href="#delta_qualifier" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>delta_qualifier</h4>
+<p>For example, given:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">delta_qualifier</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">string)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">norm_step</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">f0</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span>
+
+<span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">f1</span> <span class="pl-c1">=</span> <span class="pl-en">f0</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span>
+</pre></div>
+<p><code>FStarnorm [delta_qualifier ["unfold"; "inline_for_extraction"]] f1</code></p>
+<p>will reduce to <code>0 + 1</code>.</p>
+<h4>
+<a id="user-content-unmeta" class="anchor" href="#unmeta" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>unmeta</h4>
+<p>This step removes the some internal meta nodes during normalization</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unmeta</span> <span class="pl-c1">:</span> <span class="pl-en">norm_step</span></pre></div>
+<p>In most cases you shouldn't need to use this step explicitly</p>
+<h4>
+<a id="user-content-norm" class="anchor" href="#norm" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>norm</h4>
+<p><code>norm s e</code> requests normalization of <code>e</code> with the reduction steps
+<code>s</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">norm</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">norm_step</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span></pre></div>
+<h4>
+<a id="user-content-assert_norm" class="anchor" href="#assert_norm" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>assert_norm</h4>
+<p><code>assert_norm p</code> reduces <code>p</code> as much as possible and then asks the
+SMT solver to prove the reduct, concluding <code>p</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-k">assert_norm</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">normalize</span> <span class="pl-en">p</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-normalize_term_spec" class="anchor" href="#normalize_term_spec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>normalize_term_spec</h4>
+<p>Sometimes it is convenient to introduce an equation between a term
+and its normal form in the context.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">normalize_term_spec</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">normalize_term</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-normalize_spec" class="anchor" href="#normalize_spec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>normalize_spec</h4>
+<p>Like <a href="#normalize_term_spec"><code>normalize_term_spec</code></a>, but specialized to <code>Type0</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">normalize_spec</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">normalize</span> <span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-norm_spec" class="anchor" href="#norm_spec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>norm_spec</h4>
+<p>Like <a href="#normalize_term_spec"><code>normalize_term_spec</code></a>, but with specific normalization steps</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">norm_spec</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">norm_step</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">norm</span> <span class="pl-en">s</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-reveal_opaque" class="anchor" href="#reveal_opaque" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>reveal_opaque</h4>
+<p>Use the following to expose an <code>"opaque_to_smt"</code> definition to the
+solver as: <code>reveal_opaque (</code>%defn) defn`</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-c1">string)</span> <span class="pl-c1">=</span> <span class="pl-en">norm_spec</span> <span class="pl-c1">[</span><span class="pl-en">delta_only</span> <span class="pl-c1">[</span><span class="pl-en">s</span><span class="pl-c1">]]</span></pre></div>
+<p>Wrappers over pure wp combinators that return a pure_wp type
+(with monotonicity refinement)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">pure_return</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">pure_wp</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">)</span> <span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">;</span>
+  <span class="pl-en">pure_return0</span> <span class="pl-en">a</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">pure_bind_wp</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp1</span><span class="pl-c1">:</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">wp2</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">pure_wp</span> <span class="pl-en">b</span><span class="pl-c1">)))</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">pure_wp</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">)</span> <span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">;</span>
+  <span class="pl-en">pure_bind_wp0</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">wp1</span> <span class="pl-en">wp2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">pure_if_then_else</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp_then</span> <span class="pl-en">wp_else</span><span class="pl-c1">:</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">)</span> <span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">;</span>
+  <span class="pl-en">pure_if_then_else0</span> <span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-en">wp_then</span> <span class="pl-en">wp_else</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">pure_ite_wp</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">)</span> <span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">;</span>
+  <span class="pl-en">pure_ite_wp0</span> <span class="pl-en">a</span> <span class="pl-en">wp</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">pure_close_wp</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">)</span> <span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">;</span>
+  <span class="pl-en">pure_close_wp0</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">wp</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">pure_null_wp</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">)</span> <span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">;</span>
+  <span class="pl-en">pure_null_wp0</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">pure_assert_wp</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">pure_wp</span> <span class="pl-c1">unit)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">)</span> <span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">;</span>
+  <span class="pl-en">pure_assert_wp0</span> <span class="pl-en">p</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">pure_assume_wp</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">pure_wp</span> <span class="pl-c1">unit)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">)</span> <span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">;</span>
+  <span class="pl-en">pure_assume_wp0</span> <span class="pl-en">p</span></pre></div>
+<blockquote>
+<p>The <a href="#DIV"><code>DIV</code></a> effect for divergent computations</p>
+<p>The wp-calculus for <a href="#DIV"><code>DIV</code></a> is same as that of <code>PURE</code></p>
+</blockquote>
+<h4>
+<a id="user-content-div" class="anchor" href="#div" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>DIV</h4>
+<p>The effect of divergence: from a specificational perspective it is
+identical to PURE, however the specs are given a partial
+correctness interpretation. Computations with the <a href="#DIV"><code>DIV</code></a> effect may
+not terminate.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new_effect</span> <span class="pl-c1">{</span>
+  <span class="pl-c1">DIV</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Effect</span>
+  <span class="pl-k">with</span>
+    <span class="pl-en">return_wp</span> <span class="pl-c1">=</span> <span class="pl-en">pure_return</span>
+  <span class="pl-c1">;</span> <span class="pl-en">bind_wp</span> <span class="pl-c1">=</span> <span class="pl-en">pure_bind_wp</span>
+  <span class="pl-c1">;</span> <span class="pl-en">if_then_else</span> <span class="pl-c1">=</span> <span class="pl-en">pure_if_then_else</span>
+  <span class="pl-c1">;</span> <span class="pl-en">ite_wp</span> <span class="pl-c1">=</span> <span class="pl-en">pure_ite_wp</span>
+  <span class="pl-c1">;</span> <span class="pl-en">stronger</span> <span class="pl-c1">=</span> <span class="pl-en">pure_stronger</span>
+  <span class="pl-c1">;</span> <span class="pl-en">close_wp</span> <span class="pl-c1">=</span> <span class="pl-en">pure_close_wp</span>
+  <span class="pl-c1">;</span> <span class="pl-en">trivial</span> <span class="pl-c1">=</span> <span class="pl-en">pure_trivial</span>
+<span class="pl-c1">}</span></pre></div>
+<p><code>PURE</code> computations can be silently promoted for use in a <a href="#DIV"><code>DIV</code></a> context</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">sub_effect</span> <span class="pl-c1">PURE</span> <span class="pl-c1">~&gt;</span> <span class="pl-c1">DIV</span> <span class="pl-c1">{</span> <span class="pl-en">lift_wp</span> <span class="pl-c1">=</span> <span class="pl-en">purewp_id</span> <span class="pl-c1">}</span></pre></div>
+<h4>
+<a id="user-content-div_hoare_to_wp" class="anchor" href="#div_hoare_to_wp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>div_hoare_to_wp</h4>
+<p><code>Div</code> is the Hoare-style counterpart of the wp-indexed <a href="#DIV"><code>DIV</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">div_hoare_to_wp</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">pre</span><span class="pl-c1">:</span><span class="pl-en">pure_pre</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span><span class="pl-en">pure_post'</span> <span class="pl-en">a</span> <span class="pl-en">pre</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">)</span> <span class="pl-en">pure_wp_monotonic</span><span class="pl-c1">;</span>
+  <span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pure_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pre</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a</span><span class="pl-c1">.</span> <span class="pl-en">post</span> <span class="pl-en">a</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">Div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-en">pure_pre</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-en">pure_post'</span> <span class="pl-en">a</span> <span class="pl-en">pre</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">DIV</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">div_hoare_to_wp</span> <span class="pl-en">post</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-dv" class="anchor" href="#dv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Dv</h4>
+<p><a href="#Dv"><code>Dv</code></a> is the instance of <a href="#DIV"><code>DIV</code></a> with trivial pre- and postconditions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">Dv</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-c1">DIV</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pure_null_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-ext" class="anchor" href="#ext" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>EXT</h4>
+<p>We use the <a href="#EXT"><code>EXT</code></a> effect to underspecify external system calls
+as being impure but having no observable effect on the state</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">EXT</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-c1">Dv</span> <span class="pl-en">a</span></pre></div>
+<blockquote>
+<p>The <a href="#STATE_h"><code>STATE_h</code></a> effect template for stateful computations, generic
+in the type of the state.</p>
+<p>Note, <a href="#STATE_h"><code>STATE_h</code></a> is itself not a computation type in F*, since it
+is parameterized by the type of heap. However, instantiations of
+<a href="#STATE_h"><code>STATE_h</code></a> with specific types of the heap are computation
+types. See, e.g., <code>FStar.ST</code> for such instantiations.</p>
+<p>Weakest preconditions for stateful computations transform
+<a href="#st_post_h"><code>st_post_h</code></a> postconditions to <a href="#st_pre_h"><code>st_pre_h</code></a> preconditions. Both are
+parametric in the type of the state, here denoted by the
+<code>heap:Type</code> variable.</p>
+</blockquote>
+<h4>
+<a id="user-content-st_pre_h" class="anchor" href="#st_pre_h" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>st_pre_h</h4>
+<p>Preconditions are predicates on the <code>heap</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">st_pre_h</span> <span class="pl-c1">(</span><span class="pl-en">heap</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<h4>
+<a id="user-content-st_post_h" class="anchor" href="#st_post_h" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>st_post_h'</h4>
+<p>Postconditions relate <code>a</code>-typed results to the final <code>heap</code>, here
+refined by some pure proposition <code>pre</code>, typically instantiated to
+the precondition applied to the initial <code>heap</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">st_post_h'</span> <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span> <span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">{</span><span class="pl-en">pre</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<h4>
+<a id="user-content-st_post_h-1" class="anchor" href="#st_post_h-1" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>st_post_h</h4>
+<p>Postconditions without refinements</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">st_post_h</span> <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">st_post_h'</span> <span class="pl-en">heap</span> <span class="pl-en">a</span> <span class="pl-c1">True</span></pre></div>
+<h4>
+<a id="user-content-st_wp_h" class="anchor" href="#st_wp_h" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>st_wp_h</h4>
+<p>The type of the main WP-transformer for stateful comptuations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">st_wp_h</span> <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">st_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">st_pre_h</span> <span class="pl-en">heap</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-st_return" class="anchor" href="#st_return" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>st_return</h4>
+<p>Returning a value does not transform the state</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">st_return</span> <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">st_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">p</span> <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-st_bind_wp" class="anchor" href="#st_bind_wp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>st_bind_wp</h4>
+<p>Sequential composition of stateful WPs</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">st_bind_wp</span>
+      <span class="pl-c1">(</span><span class="pl-en">heap</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(</span><span class="pl-en">wp1</span><span class="pl-c1">:</span> <span class="pl-en">st_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">wp2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">st_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">st_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span>
+     <span class="pl-c1">=</span> <span class="pl-en">wp1</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">a</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">wp2</span> <span class="pl-en">a</span> <span class="pl-en">p</span> <span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-en">h0</span></pre></div>
+<h4>
+<a id="user-content-st_if_then_else" class="anchor" href="#st_if_then_else" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>st_if_then_else</h4>
+<p>Branching for stateful WPs</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">st_if_then_else</span>
+      <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(</span><span class="pl-en">wp_then</span> <span class="pl-en">wp_else</span><span class="pl-c1">:</span> <span class="pl-en">st_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-en">st_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span>
+     <span class="pl-c1">=</span> <span class="pl-en">wp_then</span> <span class="pl-en">post</span> <span class="pl-en">h0</span> <span class="pl-c1">/\</span> <span class="pl-c1">(~</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">wp_else</span> <span class="pl-en">post</span> <span class="pl-en">h0</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-st_ite_wp" class="anchor" href="#st_ite_wp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>st_ite_wp</h4>
+<p>As with <code>PURE</code> the <code>wp</code> combinator names the postcondition as
+<code>k</code> to avoid duplicating it.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">st_ite_wp</span> <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span> <span class="pl-en">st_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-en">st_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">st_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">).</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">).</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">guard_free</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-en">x</span> <span class="pl-en">h</span><span class="pl-c1">))}</span> <span class="pl-en">post</span> <span class="pl-en">x</span> <span class="pl-en">h</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">k</span> <span class="pl-en">x</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">wp</span> <span class="pl-en">k</span> <span class="pl-en">h0</span></pre></div>
+<h4>
+<a id="user-content-st_stronger" class="anchor" href="#st_stronger" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>st_stronger</h4>
+<p>Subsumption for stateful WPs</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">st_stronger</span> <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp1</span> <span class="pl-en">wp2</span><span class="pl-c1">:</span> <span class="pl-en">st_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">st_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">).</span> <span class="pl-en">wp1</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">wp2</span> <span class="pl-en">p</span> <span class="pl-en">h</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-st_close_wp" class="anchor" href="#st_close_wp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>st_close_wp</h4>
+<p>Closing the scope of a binder within a stateful WP</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">st_close_wp</span> <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">st_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">st_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">).</span> <span class="pl-en">wp</span> <span class="pl-en">b</span> <span class="pl-en">p</span> <span class="pl-en">h</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-st_trivial" class="anchor" href="#st_trivial" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>st_trivial</h4>
+<p>Applying a stateful WP to a trivial postcondition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">st_trivial</span> <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span> <span class="pl-en">st_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">h0</span><span class="pl-c1">.</span> <span class="pl-en">wp</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-en">h0</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-state_h" class="anchor" href="#state_h" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>STATE_h</h4>
+<p>Introducing a new effect template <a href="#STATE_h"><code>STATE_h</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new_effect</span> <span class="pl-c1">{</span>
+  <span class="pl-c1">STATE_h</span> <span class="pl-c1">(</span><span class="pl-en">heap</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span> <span class="pl-en">result</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">wp</span><span class="pl-c1">:</span> <span class="pl-en">st_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">result</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Effect</span>
+  <span class="pl-k">with</span>
+    <span class="pl-en">return_wp</span> <span class="pl-c1">=</span> <span class="pl-en">st_return</span> <span class="pl-en">heap</span>
+  <span class="pl-c1">;</span> <span class="pl-en">bind_wp</span> <span class="pl-c1">=</span> <span class="pl-en">st_bind_wp</span> <span class="pl-en">heap</span>
+  <span class="pl-c1">;</span> <span class="pl-en">if_then_else</span> <span class="pl-c1">=</span> <span class="pl-en">st_if_then_else</span> <span class="pl-en">heap</span>
+  <span class="pl-c1">;</span> <span class="pl-en">ite_wp</span> <span class="pl-c1">=</span> <span class="pl-en">st_ite_wp</span> <span class="pl-en">heap</span>
+  <span class="pl-c1">;</span> <span class="pl-en">stronger</span> <span class="pl-c1">=</span> <span class="pl-en">st_stronger</span> <span class="pl-en">heap</span>
+  <span class="pl-c1">;</span> <span class="pl-en">close_wp</span> <span class="pl-c1">=</span> <span class="pl-en">st_close_wp</span> <span class="pl-en">heap</span>
+  <span class="pl-c1">;</span> <span class="pl-en">trivial</span> <span class="pl-c1">=</span> <span class="pl-en">st_trivial</span> <span class="pl-en">heap</span>
+<span class="pl-c1">}</span></pre></div>
+<blockquote>
+<p>The <a href="#EXN"><code>EXN</code></a> effect for computations that may raise exceptions or
+fatal errors</p>
+<p>Weakest preconditions for stateful computations transform
+<a href="#ex_post"><code>ex_post</code></a> postconditions (predicates on <a href="#result"><code>result</code></a>s) to <a href="#ex_pre"><code>ex_pre</code></a>
+precondition propositions.</p>
+</blockquote>
+<h4>
+<a id="user-content-result" class="anchor" href="#result" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>result</h4>
+<p>Normal results are represented using <code>V x</code>.
+Handleable exceptions are represented <code>E e</code>.
+Fatal errors are <code>Err msg</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">result</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">V</span> <span class="pl-c1">:</span> <span class="pl-en">v</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">result</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">E</span> <span class="pl-c1">:</span> <span class="pl-en">e</span><span class="pl-c1">:</span> <span class="pl-en">exn</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">result</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Err</span> <span class="pl-c1">:</span> <span class="pl-en">msg</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">result</span> <span class="pl-en">a</span></pre></div>
+<h4>
+<a id="user-content-ex_pre" class="anchor" href="#ex_pre" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ex_pre</h4>
+<p>Exceptional preconditions are just propositions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ex_pre</span> <span class="pl-c1">=</span> <span class="pl-c1">Type0</span></pre></div>
+<h4>
+<a id="user-content-ex_post" class="anchor" href="#ex_post" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ex_post'</h4>
+<p>Postconditions on results refined by a precondition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ex_post'</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-en">result</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-en">pre</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<h4>
+<a id="user-content-ex_post-1" class="anchor" href="#ex_post-1" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ex_post</h4>
+<p>Postconditions on results</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ex_post</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">ex_post'</span> <span class="pl-en">a</span> <span class="pl-c1">True</span></pre></div>
+<h4>
+<a id="user-content-ex_wp" class="anchor" href="#ex_wp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ex_wp</h4>
+<p>Exceptions WP-predicate transformers</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ex_wp</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">ex_post</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">ex_pre</span></pre></div>
+<h4>
+<a id="user-content-ex_return" class="anchor" href="#ex_return" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ex_return</h4>
+<p>Returning a value <code>x</code> normally promotes it to the <code>V x</code> result</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">ex_return</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">ex_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-c1">V</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-ex_bind_wp" class="anchor" href="#ex_bind_wp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ex_bind_wp</h4>
+<p>Sequential composition of exception-raising code requires case analysing
+the result of the first computation before "running" the second one</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">ex_bind_wp</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp1</span><span class="pl-c1">:</span> <span class="pl-en">ex_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">wp2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">ex_wp</span> <span class="pl-en">b</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">ex_post</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">ex_post</span> <span class="pl-en">b</span><span class="pl-c1">).</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">rb</span><span class="pl-c1">:</span> <span class="pl-en">result</span> <span class="pl-en">b</span><span class="pl-c1">).</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">guard_free</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-en">rb</span><span class="pl-c1">))}</span> <span class="pl-en">p</span> <span class="pl-en">rb</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">k</span> <span class="pl-en">rb</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">wp1</span> <span class="pl-c1">(</span><span class="pl-k">function</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">V</span> <span class="pl-en">ra1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">wp2</span> <span class="pl-en">ra1</span> <span class="pl-en">k</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">E</span> <span class="pl-en">e</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-c1">E</span> <span class="pl-en">e</span><span class="pl-c1">)</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">Err</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-c1">Err</span> <span class="pl-en">m</span><span class="pl-c1">)))</span></pre></div>
+<h4>
+<a id="user-content-ex_if_then_else" class="anchor" href="#ex_if_then_else" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ex_if_then_else</h4>
+<p>As for other effects, branching in <a href="#ex_wp"><code>ex_wp</code></a> appears in two forms.
+First, a simple case analysis on <code>p</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">ex_if_then_else</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp_then</span> <span class="pl-en">wp_else</span><span class="pl-c1">:</span> <span class="pl-en">ex_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-en">ex_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">wp_then</span> <span class="pl-en">post</span> <span class="pl-c1">/\</span> <span class="pl-c1">(~</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">wp_else</span> <span class="pl-en">post</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-ex_ite_wp" class="anchor" href="#ex_ite_wp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ex_ite_wp</h4>
+<p>Naming continuations for use with branching</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">ex_ite_wp</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span> <span class="pl-en">ex_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-en">ex_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">ex_post</span> <span class="pl-en">a</span><span class="pl-c1">).</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">rb</span><span class="pl-c1">:</span> <span class="pl-en">result</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">guard_free</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-en">rb</span><span class="pl-c1">))}</span> <span class="pl-en">post</span> <span class="pl-en">rb</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">k</span> <span class="pl-en">rb</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">wp</span> <span class="pl-en">k</span></pre></div>
+<h4>
+<a id="user-content-ex_stronger" class="anchor" href="#ex_stronger" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ex_stronger</h4>
+<p>Subsumption for exceptional WPs</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">ex_stronger</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp1</span> <span class="pl-en">wp2</span><span class="pl-c1">:</span> <span class="pl-en">ex_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">ex_post</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">wp1</span> <span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">wp2</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-ex_close_wp" class="anchor" href="#ex_close_wp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ex_close_wp</h4>
+<p>Closing the scope of a binder for exceptional WPs</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">ex_close_wp</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">ex_wp</span> <span class="pl-en">a</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">ex_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">).</span> <span class="pl-en">wp</span> <span class="pl-en">b</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-ex_trivial" class="anchor" href="#ex_trivial" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ex_trivial</h4>
+<p>Applying a computation with a trivial poscondition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">ex_trivial</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span> <span class="pl-en">ex_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">wp</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-exn" class="anchor" href="#exn" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>EXN</h4>
+<p>Introduce a new effect for <a href="#EXN"><code>EXN</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new_effect</span> <span class="pl-c1">{</span>
+  <span class="pl-c1">EXN</span> <span class="pl-c1">:</span> <span class="pl-en">result</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">wp</span><span class="pl-c1">:</span> <span class="pl-en">ex_wp</span> <span class="pl-en">result</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Effect</span>
+  <span class="pl-k">with</span>
+    <span class="pl-en">return_wp</span> <span class="pl-c1">=</span> <span class="pl-en">ex_return</span>
+  <span class="pl-c1">;</span> <span class="pl-en">bind_wp</span> <span class="pl-c1">=</span> <span class="pl-en">ex_bind_wp</span>
+  <span class="pl-c1">;</span> <span class="pl-en">if_then_else</span> <span class="pl-c1">=</span> <span class="pl-en">ex_if_then_else</span>
+  <span class="pl-c1">;</span> <span class="pl-en">ite_wp</span> <span class="pl-c1">=</span> <span class="pl-en">ex_ite_wp</span>
+  <span class="pl-c1">;</span> <span class="pl-en">stronger</span> <span class="pl-c1">=</span> <span class="pl-en">ex_stronger</span>
+  <span class="pl-c1">;</span> <span class="pl-en">close_wp</span> <span class="pl-c1">=</span> <span class="pl-en">ex_close_wp</span>
+  <span class="pl-c1">;</span> <span class="pl-en">trivial</span> <span class="pl-c1">=</span> <span class="pl-en">ex_trivial</span>
+<span class="pl-c1">}</span></pre></div>
+<h4>
+<a id="user-content-exn-1" class="anchor" href="#exn-1" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Exn</h4>
+<p>A Hoare-style abbreviation for EXN</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">Exn</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-en">ex_pre</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-en">ex_post'</span> <span class="pl-en">a</span> <span class="pl-en">pre</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">EXN</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">ex_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pre</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-en">result</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">post</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-lift_div_exn" class="anchor" href="#lift_div_exn" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lift_div_exn</h4>
+<p>We include divergence in exceptions.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">lift_div_exn</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span> <span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">ex_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">wp</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-c1">V</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+<span class="pl-en">sub_effect</span> <span class="pl-c1">DIV</span> <span class="pl-c1">~&gt;</span> <span class="pl-c1">EXN</span> <span class="pl-c1">{</span> <span class="pl-en">lift_wp</span> <span class="pl-c1">=</span> <span class="pl-en">lift_div_exn</span> <span class="pl-c1">}</span></pre></div>
+<p>NOTE: BE WARNED, CODE IN THE <a href="#EXN"><code>EXN</code></a> EFFECT IS ONLY CHECKED FOR
+PARTIAL CORRECTNESS</p>
+<h4>
+<a id="user-content-ex" class="anchor" href="#ex" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Ex</h4>
+<p>A variant of <a href="#Exn"><code>Exn</code></a> with trivial pre- and postconditions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">Ex</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-c1">Exn</span> <span class="pl-en">a</span> <span class="pl-c1">True</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">v</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>The <a href="#ALL_h"><code>ALL_h</code></a> effect template for computations that may diverge,
+raise exceptions or fatal errors, and uses a generic state.</p>
+<p>Note, this effect is poorly named, particularly as F* has since
+gained many more user-defined effect. We no longer have an effect
+that includes all others.</p>
+<p>We might rename this in the future to something like <code>StExnDiv_h</code>.</p>
+<p>We layer state on top of exceptions, meaning that raising an
+exception does not discard the state.</p>
+<p>As with <a href="#STATE_h"><code>STATE_h</code></a>, <a href="#ALL_h"><code>ALL_h</code></a> is not a computation type, though its
+instantiation with a specific type of <code>heap</code> (in FStar.All) is.</p>
+</blockquote>
+<h4>
+<a id="user-content-all_pre_h" class="anchor" href="#all_pre_h" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>all_pre_h</h4>
+<p><a href="#all_pre_h"><code>all_pre_h</code></a> is a predicate on the initial state</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">all_pre_h</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<h4>
+<a id="user-content-all_post_h" class="anchor" href="#all_post_h" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>all_post_h'</h4>
+<p>Postconditions relate <a href="#result"><code>result</code></a>s to final <code>heap</code>s refined by a precondition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">all_post_h'</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">pre</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">result</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">_</span><span class="pl-c1">:</span> <span class="pl-en">h</span><span class="pl-c1">{</span><span class="pl-en">pre</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span></pre></div>
+<h4>
+<a id="user-content-all_post_h-1" class="anchor" href="#all_post_h-1" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>all_post_h</h4>
+<p>A variant of <a href="#all_post_h'"><code>all_post_h'</code></a> without the precondition refinement</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">all_post_h</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">all_post_h'</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-c1">True</span></pre></div>
+<h4>
+<a id="user-content-all_wp_h" class="anchor" href="#all_wp_h" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>all_wp_h</h4>
+<p>WP predicate transformers for the <code>All_h</code> effect template</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">all_wp_h</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">all_post_h</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">all_pre_h</span> <span class="pl-en">h</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-all_return" class="anchor" href="#all_return" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>all_return</h4>
+<p>Returning a value <code>x</code> normally promotes it to the <code>V x</code> result
+without touching the <code>heap</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">all_return</span> <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">all_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-c1">V</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-all_bind_wp" class="anchor" href="#all_bind_wp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>all_bind_wp</h4>
+<p>Sequential composition for <a href="#ALL_h"><code>ALL_h</code></a> is like <a href="#EXN"><code>EXN</code></a>: case analysis of
+the exceptional result before "running" the continuation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">all_bind_wp</span>
+      <span class="pl-c1">(</span><span class="pl-en">heap</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(</span><span class="pl-en">wp1</span><span class="pl-c1">:</span> <span class="pl-en">all_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">wp2</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">all_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">all_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-en">wp1</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">ra</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">ra</span> <span class="pl-k">with</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">V</span> <span class="pl-en">v</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">wp2</span> <span class="pl-en">v</span> <span class="pl-en">p</span> <span class="pl-en">h1</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">E</span> <span class="pl-en">e</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-c1">E</span> <span class="pl-en">e</span><span class="pl-c1">)</span> <span class="pl-en">h1</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">Err</span> <span class="pl-en">msg</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-c1">Err</span> <span class="pl-en">msg</span><span class="pl-c1">)</span> <span class="pl-en">h1</span><span class="pl-c1">))</span>
+    <span class="pl-en">h0</span></pre></div>
+<h4>
+<a id="user-content-all_if_then_else" class="anchor" href="#all_if_then_else" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>all_if_then_else</h4>
+<p>Case analysis in <a href="#ALL_h"><code>ALL_h</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">all_if_then_else</span>
+      <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span> <span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(</span><span class="pl-en">wp_then</span> <span class="pl-en">wp_else</span><span class="pl-c1">:</span> <span class="pl-en">all_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-en">all_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span>
+     <span class="pl-c1">=</span> <span class="pl-en">wp_then</span> <span class="pl-en">post</span> <span class="pl-en">h0</span> <span class="pl-c1">/\</span> <span class="pl-c1">(~</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">wp_else</span> <span class="pl-en">post</span> <span class="pl-en">h0</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-all_ite_wp" class="anchor" href="#all_ite_wp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>all_ite_wp</h4>
+<p>Naming postcondition for better sharing in <a href="#ALL_h"><code>ALL_h</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">all_ite_wp</span> <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span> <span class="pl-en">all_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-en">all_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">all_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">).</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">result</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">).</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">guard_free</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-en">x</span> <span class="pl-en">h</span><span class="pl-c1">))}</span> <span class="pl-en">post</span> <span class="pl-en">x</span> <span class="pl-en">h</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">k</span> <span class="pl-en">x</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">wp</span> <span class="pl-en">k</span> <span class="pl-en">h0</span></pre></div>
+<h4>
+<a id="user-content-all_stronger" class="anchor" href="#all_stronger" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>all_stronger</h4>
+<p>Subsumption in <a href="#ALL_h"><code>ALL_h</code></a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">all_stronger</span> <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp1</span> <span class="pl-en">wp2</span><span class="pl-c1">:</span> <span class="pl-en">all_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">all_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">).</span> <span class="pl-en">wp1</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">wp2</span> <span class="pl-en">p</span> <span class="pl-en">h</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-all_close_wp" class="anchor" href="#all_close_wp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>all_close_wp</h4>
+<p>Closing a binder in the scope of an <a href="#ALL_h"><code>ALL_h</code></a> wp</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">all_close_wp</span>
+      <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">all_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-en">all_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">)</span>
+     <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">).</span> <span class="pl-en">wp</span> <span class="pl-en">b</span> <span class="pl-en">p</span> <span class="pl-en">h</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-all_trivial" class="anchor" href="#all_trivial" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>all_trivial</h4>
+<p>Applying an <a href="#ALL_h"><code>ALL_h</code></a> wp to a trivial postcondition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">all_trivial</span> <span class="pl-c1">(</span><span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span> <span class="pl-en">all_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span> <span class="pl-en">heap</span><span class="pl-c1">).</span> <span class="pl-en">wp</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-en">h0</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-all_h" class="anchor" href="#all_h" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ALL_h</h4>
+<p>Introducing the <a href="#ALL_h"><code>ALL_h</code></a> effect template</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new_effect</span> <span class="pl-c1">{</span>
+  <span class="pl-c1">ALL_h</span> <span class="pl-c1">(</span><span class="pl-en">heap</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">wp</span><span class="pl-c1">:</span> <span class="pl-en">all_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Effect</span>
+  <span class="pl-k">with</span>
+    <span class="pl-en">return_wp</span> <span class="pl-c1">=</span> <span class="pl-en">all_return</span> <span class="pl-en">heap</span>
+  <span class="pl-c1">;</span> <span class="pl-en">bind_wp</span> <span class="pl-c1">=</span> <span class="pl-en">all_bind_wp</span> <span class="pl-en">heap</span>
+  <span class="pl-c1">;</span> <span class="pl-en">if_then_else</span> <span class="pl-c1">=</span> <span class="pl-en">all_if_then_else</span> <span class="pl-en">heap</span>
+  <span class="pl-c1">;</span> <span class="pl-en">ite_wp</span> <span class="pl-c1">=</span> <span class="pl-en">all_ite_wp</span> <span class="pl-en">heap</span>
+  <span class="pl-c1">;</span> <span class="pl-en">stronger</span> <span class="pl-c1">=</span> <span class="pl-en">all_stronger</span> <span class="pl-en">heap</span>
+  <span class="pl-c1">;</span> <span class="pl-en">close_wp</span> <span class="pl-c1">=</span> <span class="pl-en">all_close_wp</span> <span class="pl-en">heap</span>
+  <span class="pl-c1">;</span> <span class="pl-en">trivial</span> <span class="pl-c1">=</span> <span class="pl-en">all_trivial</span> <span class="pl-en">heap</span>
+<span class="pl-c1">}</span></pre></div>
+<h4>
+<a id="user-content-inversion" class="anchor" href="#inversion" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>inversion</h4>
+<p>Controlling inversions of inductive type</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">remove_unused_type_parameters</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">]]</span>
+<span class="pl-k">val</span> <span class="pl-en">inversion</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<p>Given a value of an inductive type <code>v:t</code>, where <code>t = A | B</code>, the SMT
+solver can only prove that <code>v=A \/ v=B</code> by <em>inverting</em> <code>t</code>. This
+inversion is controlled by the <code>ifuel</code> setting, which usually limits
+the recursion depth of the number of such inversions that the solver
+can perform.</p>
+<p>The <a href="#inversion"><code>inversion</code></a> predicate below is a way to circumvent the
+<code>ifuel</code>-based restrictions on inversion depth. In particular, if the
+<code>inversion t</code> is available in the SMT solver's context, it is free to
+invert <code>t</code> infinitely, regardless of the <code>ifuel</code> setting.</p>
+<p>Be careful using this, since it explicitly subverts the <code>ifuel</code>
+setting. If used unwisely, this can lead to very poor SMT solver
+performance.</p>
+<h4>
+<a id="user-content-allow_inversion" class="anchor" href="#allow_inversion" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>allow_inversion</h4>
+<p>To introduce <code>inversion t</code> in the SMT solver's context, call
+<code>allow_inverson t</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">allow_inversion</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">inversion</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-invertoption" class="anchor" href="#invertoption" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>invertOption</h4>
+<p>Since the <code>option</code> type is so common, we always allow inverting
+options, regardless of <code>ifuel</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">invertOption</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">None</span><span class="pl-c1">?</span> <span class="pl-en">x</span> <span class="pl-c1">\/</span> <span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-en">a</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-either" class="anchor" href="#either" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>either</h4>
+<p>Values of type <code>a</code> or type <code>b</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">either</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Inl</span> <span class="pl-c1">:</span> <span class="pl-en">v</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">either</span> <span class="pl-en">a</span> <span class="pl-en">b</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Inr</span> <span class="pl-c1">:</span> <span class="pl-en">v</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">either</span> <span class="pl-en">a</span> <span class="pl-en">b</span></pre></div>
+<h4>
+<a id="user-content-dfst" class="anchor" href="#dfst" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>dfst</h4>
+<p>Projections for the components of a dependent pair</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">dfst</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-en">dtuple2</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">Mkdtuple2</span><span class="pl-c1">?.</span><span class="pl-en">_1</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">dsnd</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-en">dtuple2</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span>  <span class="pl-c1">(</span><span class="pl-c1">Mkdtuple2</span><span class="pl-c1">?.</span><span class="pl-en">_1</span> <span class="pl-en">t</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">Mkdtuple2</span><span class="pl-c1">?.</span><span class="pl-en">_2</span> <span class="pl-en">t</span></pre></div>
+<h4>
+<a id="user-content-dtuple3" class="anchor" href="#dtuple3" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>dtuple3</h4>
+<p>Dependent triples, with sugar <code>x:a &amp; y:b x &amp; c x y</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unopteq</span>
+<span class="pl-k">type</span> <span class="pl-en">dtuple3</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mkdtuple3</span> <span class="pl-c1">:</span> <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">_1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">_1</span> <span class="pl-en">_2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">dtuple3</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span></pre></div>
+<h4>
+<a id="user-content-dtuple4" class="anchor" href="#dtuple4" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>dtuple4</h4>
+<p>Dependent quadruples, with sugar <code>x:a &amp; y:b x &amp; z:c x y &amp; d x y z</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unopteq</span>
+<span class="pl-k">type</span> <span class="pl-en">dtuple4</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span>
+  <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type))</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">|</span> <span class="pl-c1">Mkdtuple4</span> <span class="pl-c1">:</span> <span class="pl-en">_1</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_2</span><span class="pl-c1">:</span> <span class="pl-en">b</span> <span class="pl-en">_1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_3</span><span class="pl-c1">:</span> <span class="pl-en">c</span> <span class="pl-en">_1</span> <span class="pl-en">_2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">_4</span><span class="pl-c1">:</span> <span class="pl-en">d</span> <span class="pl-en">_1</span> <span class="pl-en">_2</span> <span class="pl-en">_3</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">dtuple4</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-en">d</span></pre></div>
+<h4>
+<a id="user-content-ignore" class="anchor" href="#ignore" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ignore</h4>
+<p>Explicitly discarding a value</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ignore</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-false_elim" class="anchor" href="#false_elim" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>false_elim</h4>
+<p>In a context where <code>false</code> is provable, you can prove that any
+type <code>a</code> is inhabited.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">false_elim</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">u</span><span class="pl-c1">:</span> <span class="pl-c1">unit{</span><span class="pl-c1">False</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span></pre></div>
+<p>There are many proofs of this fact in F*. Here, in the implementation, we build an
+infinitely looping function, since the termination check succeeds
+in a <code>False</code> context.</p>
+<blockquote>
+<p>Attributes:</p>
+<p>An attribute is any F* term.</p>
+<p>Attributes are desugared and checked for being well-scoped. But,
+they are not type-checked.</p>
+<p>It is associated with a definition using the <code>@@attribute</code>
+notation, just preceding the definition.</p>
+</blockquote>
+<h4>
+<a id="user-content-__internal_ocaml_attributes" class="anchor" href="#__internal_ocaml_attributes" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>__internal_ocaml_attributes</h4>
+<p>We collect several internal ocaml attributes into a single
+inductive type.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">__internal_ocaml_attributes</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">PpxDerivingShow</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">PpxDerivingShowConstant</span> <span class="pl-en">of</span> <span class="pl-c1">string</span> <span class="pl-c"><span class="pl-c">(*</span> Generate [@@@ deriving show ] on the resulting OCaml type <span class="pl-c">*)</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">PpxDerivingYoJson</span> <span class="pl-c"><span class="pl-c">(*</span> Similar, but for constant printers. <span class="pl-c">*)</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">CInline</span> <span class="pl-c"><span class="pl-c">(*</span> Generate [@@@ deriving yojson ] on the resulting OCaml type <span class="pl-c">*)</span></span></pre></div>
+<p>This may be unnecessary. In the future, we are likely to flatten
+this definition into several definitions of abstract top-level
+names.</p>
+<p>An example:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">`</span>@@ <span class="pl-c1">CInline</span> <span class="pl-c1">`</span> <span class="pl-k">let</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-smi">UInt32.</span><span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+</span>%<span class="pl-c1">^</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<p>is extracted to C by KReMLin to a C definition tagged with the
+<code>inline</code> qualifier.</p>
+<p>KreMLin-only: generates a C "inline" attribute on the resulting
+* function declaration.
+KreMLin-only: forces KreMLin to inline the function at call-site; this is
+* deprecated and the recommended way is now to use F*'s
+* <code>inline_for_extraction</code>, which now also works for stateful functions.
+KreMLin-only: instructs KreMLin to heap-allocate any value of this
+* data-type; this requires running with a conservative GC as the
+* allocations are not freed.
+KreMLin-only: attach a comment to the declaration. Note that using F*-doc
+* syntax automatically fills in this attribute.
+KreMLin-only: verbatim C code to be prepended to the declaration.
+* Multiple attributes are valid and accumulate, separated by newlines.
+KreMLin-only: indicates that the parameter with that name is to be marked
+* as C const.  This will be checked by the C compiler, not by KreMLin or F*.
+*
+* This is deprecated and doesn't work as intended. Use
+* LowStar.ConstBuffer.fst instead!
+KreMLin-only: for types that compile to struct types (records and
+* inductives), indicate that the header file should only contain a forward
+* declaration, which in turn forces the client to only ever use this type
+* through a pointer.
+KreMLin-only: for a top-level <code>let v = e</code>, compile as a macro</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Substitute</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Gc</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Comment</span> <span class="pl-en">of</span> <span class="pl-c1">string</span>
+<span class="pl-c1">|</span> <span class="pl-c1">CPrologue</span> <span class="pl-en">of</span> <span class="pl-c1">string</span>
+<span class="pl-c1">|</span> <span class="pl-c1">CEpilogue</span> <span class="pl-en">of</span> <span class="pl-c1">string</span>
+<span class="pl-c1">|</span> <span class="pl-c1">CConst</span> <span class="pl-en">of</span> <span class="pl-c1">string</span> <span class="pl-c"><span class="pl-c">(*</span> Ibid. <span class="pl-c">*)</span></span>
+<span class="pl-c1">|</span> <span class="pl-c1">CCConv</span> <span class="pl-en">of</span> <span class="pl-c1">string</span>
+<span class="pl-c1">|</span> <span class="pl-c1">CAbstractStruct</span> <span class="pl-c"><span class="pl-c">(*</span> A calling convention for C, one of stdcall, cdecl, fastcall <span class="pl-c">*)</span></span>
+<span class="pl-c1">|</span> <span class="pl-c1">CIfDef</span>
+<span class="pl-c1">|</span> <span class="pl-c1">CMacro</span> <span class="pl-c"><span class="pl-c">(*</span> KreMLin-only: on a given `val foo`, compile if foo with #ifdef. <span class="pl-c">*)</span></span></pre></div>
+<h4>
+<a id="user-content-inline_let" class="anchor" href="#inline_let" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>inline_let</h4>
+<p>The <a href="#inline_let"><code>inline_let</code></a> attribute on a local let-binding, instructs the
+extraction pipeline to inline the definition. This may be both to
+avoid generating unnecessary intermediate variables, and also to
+enable further partial evaluation. Note, use this with care, since
+inlining all lets can lead to an exponential blowup in code
+size.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inline_let</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-rename_let" class="anchor" href="#rename_let" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>rename_let</h4>
+<p>The <a href="#rename_let"><code>rename_let</code></a> attribute support a form of metaprogramming for
+the names of let-bound variables used in extracted code.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rename_let</span> <span class="pl-c1">(</span><span class="pl-en">new_name</span><span class="pl-c1">:</span> <span class="pl-c1">string)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">unit</span></pre></div>
+<p>This is useful, particularly in conjunction with partial
+evaluation, to ensure that names reflect their usage context.</p>
+<p>See tests/micro-benchmarks/Renaming*.fst</p>
+<h4>
+<a id="user-content-plugin" class="anchor" href="#plugin" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>plugin</h4>
+<p>The <a href="#plugin"><code>plugin</code></a> attribute is used in conjunction with native
+compilation of F* components, accelerating their reduction
+relative to the default strategy of just interpreting them.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">plugin</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">unit</span></pre></div>
+<p>See examples/native_tactics for several examples.</p>
+<h4>
+<a id="user-content-tcnorm" class="anchor" href="#tcnorm" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tcnorm</h4>
+<p>An attribute to mark things that the typechecker should <em>first</em>
+elaborate and typecheck, but unfold before verification.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tcnorm</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-must_erase_for_extraction" class="anchor" href="#must_erase_for_extraction" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>must_erase_for_extraction</h4>
+<p>We erase all ghost functions and unit-returning pure functions to
+<code>()</code> at extraction. This creates a small issue with abstract
+types. Consider a module that defines an abstract type <code>t</code> whose
+(internal) definition is <code>unit</code> and also defines <code>f: int -&gt; t</code>. <code>f</code>
+would be erased to be just <code>()</code> inside the module, while the
+client calls to <code>f</code> would not, since <code>t</code> is abstract. To get
+around this, when extracting interfaces, if we encounter an
+abstract type, we tag it with this attribute, so that
+extraction can treat it specially.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">must_erase_for_extraction</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+<p>Note, since the use of cross-module inlining (the <code>--cmi</code> option),
+this attribute is no longer necessary. We retain it for legacy,
+but will remove it in the future.</p>
+<h4>
+<a id="user-content-dm4f_bind_range" class="anchor" href="#dm4f_bind_range" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>dm4f_bind_range</h4>
+<p>This attribute is used with the Dijkstra Monads for Free
+construction to track position information in generated VCs</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">dm4f_bind_range</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-expect_failure" class="anchor" href="#expect_failure" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>expect_failure</h4>
+<p>When attached a top-level definition, the typechecker will succeed
+if and only if checking the definition results in an error. The
+error number list is actually OPTIONAL. If present, it will be
+checked that the definition raises exactly those errors in the
+specified multiplicity, but order does not matter.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">expect_failure</span> <span class="pl-c1">(</span><span class="pl-en">errs</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-expect_lax_failure" class="anchor" href="#expect_lax_failure" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>expect_lax_failure</h4>
+<p>When --lax is present, with the previous attribute since some
+definitions only fail when verification is turned on. With this
+attribute, one can ensure that a definition fails while lax-checking
+too. Same semantics as above, but lax mode will be turned on for the
+definition.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">expect_lax_failure</span> <span class="pl-c1">(</span><span class="pl-en">errs</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-tcdecltime" class="anchor" href="#tcdecltime" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tcdecltime</h4>
+<p>Print the time it took to typecheck a top-level definition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tcdecltime</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-assume_strictly_positive" class="anchor" href="#assume_strictly_positive" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>assume_strictly_positive</h4>
+<p><strong>THIS ATTRIBUTE IS AN ESCAPE HATCH AND CAN BREAK SOUNDNESS</strong></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">assume_strictly_positive</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+<p><strong>USE WITH CARE</strong></p>
+<p>The positivity check for inductive types stops at abstraction
+boundaries. This results in spurious errors about positivity,
+e.g., when defining types like <code>type t = ref (option t)</code> By adding
+this attribute to a declaration of a top-level name positivity
+checks on applications of that name are admitted.  See, for
+instance, FStar.Monotonic.Heap.mref We plan to decorate binders of
+abstract types with polarities to allow us to check positivity
+across abstraction boundaries and will eventually remove this
+attribute.</p>
+<h4>
+<a id="user-content-unifier_hint_injective" class="anchor" href="#unifier_hint_injective" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>unifier_hint_injective</h4>
+<p>This attribute is to be used as a hint for the unifier.  A
+function-typed symbol <code>t</code> marked with this attribute will be treated
+as being injective in all its arguments by the unifier.  That is,
+given a problem <code>t a1..an =?= t b1..bn</code> the unifier will solve it by
+proving <code>ai =?= bi</code> for all <code>i</code>, without trying to unfold the
+definition of <code>t</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unifier_hint_injective</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-strict_on_arguments" class="anchor" href="#strict_on_arguments" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>strict_on_arguments</h4>
+<p>This attribute is used to control the evaluation order
+and unfolding strategy for certain definitions.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">strict_on_arguments</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">unit</span></pre></div>
+<p>In particular, given
+<code>FStar `@@(strict_on_arguments `1;2`)` let f x0 (x1:list x0) (x1:option x0) = e </code></p>
+<p>An application <code>f e0 e1 e2</code> is reduced by the normalizer by:</p>
+<pre><code>1. evaluating `e0 ~&gt;* v0, e1 ~&gt;* v1, e2 ~&gt;* v2`
+
+2 a.
+   If, according to the positional arguments `1;2`,
+   if v1 and v2 have constant head symbols
+         (e.g., v1 = Cons _ _ _, and v2 = None _)
+  then `f` is unfolded to `e` and reduced as
+    ```FStare[v0/x0][v1/x1][v2/x2]```
+
+2 b.
+
+ Otherwise, `f` is not unfolded and the term is `f e0 e1 e2`
+ reduces to `f v0 v1 v2`.
+</code></pre>
+<h4>
+<a id="user-content-resolve_implicits" class="anchor" href="#resolve_implicits" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>resolve_implicits</h4>
 <ul>
-<li>This attribute can be added to an inductive type definition,</li>
-<li>indicating that it should be erased on extraction to <code>unit</code>.</li>
-<li></li>
-<li>However, any pattern matching on the inductive type results</li>
-<li>in a <code>Ghost</code> effect, ensuring that computationally relevant</li>
-<li>code cannot rely on the values of the erasable type.</li>
-<li></li>
-<li>See examples/micro-benchmarks/Erasable.fst, for examples.</li>
-<li>Also see https://github.com/FStarLang/FStar/issues/1844</li>
+<li>An attribute to tag a tactic designated to solve any</li>
+<li>unsolved implicit arguments remaining at the end of type inference.</li>
+<li>
+</li>
 </ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">resolve_implicits</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-erasable" class="anchor" href="#erasable" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>erasable</h4>
+<p>This attribute can be added to an inductive type definition,
+indicating that it should be erased on extraction to <code>unit</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">erasable</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+<p>However, any pattern matching on the inductive type results
+in a <code>Ghost</code> effect, ensuring that computationally relevant
+code cannot rely on the values of the erasable type.</p>
+<p>See tests/micro-benchmarks/Erasable.fst, for examples.  Also
+see <a href="https://github.com/FStarLang/FStar/issues/1844">https://github.com/FStarLang/FStar/issues/1844</a></p>
+<h4>
+<a id="user-content-allow_informative_binders" class="anchor" href="#allow_informative_binders" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>allow_informative_binders</h4>
+<p>THIS ATTRIBUTE CAN BREAK EXTRACTION SOUNDNESS, USE WITH CARE</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">allow_informative_binders</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+<p>Combinators for reifiable layered effects must have binders with
+non-informative types, since at extraction time, those binders are
+substituted with ().
+This attribute can be added to a layered effect definition to skip this
+check, i.e. adding it will allow informative binder types, but then
+the code should not be extracted</p>
+<h4>
+<a id="user-content-commute_nested_matches" class="anchor" href="#commute_nested_matches" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>commute_nested_matches</h4>
+<p><a href="#commute_nested_matches"><code>commute_nested_matches</code></a>
+This attribute can be used to decorate an inductive type <code>t</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">commute_nested_matches</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+<p>During normalization, if reduction is blocked on matching the
+constructors of <code>t</code> in the following sense:</p>
+<p>[
+match (match e0 with | P1 -&gt; e1 | ... | Pn -&gt; en) with
+| Q1 -&gt; f1 ... | Qm -&gt; fm
+]</p>
+<p>i.e., the outer match is stuck due to the inner match on <code>e0</code>
+being stuck, and if the head constructor the outer <code>Qi</code> patterns
+are the constructors of the decorated inductive type <code>t</code>, then,
+this is reduced to</p>
+<p>[
+match e0 with
+| P1 -&gt; (match e1 with | Q1 -&gt; f1 ... | Qm -&gt; fm)
+| ...
+| Pn -&gt; (match en with | Q1 -&gt; f1 ... | Qm -&gt; fm)
+]</p>
+<p>This is sometimes useful when partially evaluating code before
+extraction, particularly when aiming to obtain first-order code
+for KReMLin. However, this attribute should be used with care,
+since if after the rewriting the inner matches do not reduce, then
+this can cause an explosion in code size.</p>
+<p>See tests/micro-benchmarks/CommuteNestedMatches.fst
+and examples/layeredeffects/LowParseWriters.fsti</p>
+<h4>
+<a id="user-content-noextract_to" class="anchor" href="#noextract_to" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>noextract_to</h4>
+<p>This attribute controls extraction: it can be used to disable
+extraction of a given top-level definition into a specific backend,
+such as "OCaml". If any extracted code must call into an erased
+function, an error will be raised (code 340).</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">noextract_to</span> <span class="pl-c1">(</span><span class="pl-en">backend</span><span class="pl-c1">:string)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-normalize_for_extraction" class="anchor" href="#normalize_for_extraction" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>normalize_for_extraction</h4>
+<p>This attribute decorates a let binding, e.g.,</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">normalize_for_extraction</span> <span class="pl-c1">(</span><span class="pl-en">steps</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">norm_step</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">unit</span></pre></div>
+<p><code>@@normalize_for_extraction steps</code>
+let f = e</p>
+<p>The effect is that prior to extraction, F* will first reduce <code>e</code>
+using the normalization <code>steps</code>, and then proceed to extract it as
+usual.</p>
+<p>Almost the same behavior can be achieved by using a
+<code>postprocess_for_extraction_with t</code> attribute, which runs tactic
+<code>t</code> on the goal <code>e == ?u</code> and extracts the solution to <code>?u</code> in
+place of <code>e</code>. However, using a tactic to postprocess a term is
+more general than needed for some cases.</p>
+<p>In particular, if we intend to only normalize <code>e</code> before
+extraction (rather than applying some other form of equational
+reasoning), then using <a href="#normalize_for_extraction"><code>normalize_for_extraction</code></a> can be more
+efficient, for the following reason:</p>
+<p>Since we are reducing <code>e</code> just before extraction, F* can enable an
+otherwise non-user-facing normalization feature that allows all
+arguments marked <code>@@@erasable</code> to be erased to <code>()</code>---these terms
+will anyway be extracted to <code>()</code> so erasing them during
+normalization is a useful optimization.</p>
+<h4>
+<a id="user-content-ite_soundness_by" class="anchor" href="#ite_soundness_by" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ite_soundness_by</h4>
+<p>A layered effect definition may optionally be annoated with
+(ite_soundness_by t) attribute, where t is another attribute
+When so, the implicits and the smt guard generated when
+checking the soundness of the if-then-else combinator, are
+dispatched to the tactic in scope that has the t attribute (in addition
+to the resolve_implicits attribute as usual)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ite_soundness_by</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+<p>See examples/layeredeffects/IteSoundess.fst for a few examples</p>
+<h4>
+<a id="user-content-strictly_positive" class="anchor" href="#strictly_positive" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>strictly_positive</h4>
+<p>A binder in a definition/declaration may optionally be annotated as strictly_positive
+When the let definition is used in a data constructor type in an inductive
+definition, this annotation is used to check the positivity of the inductive</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">strictly_positive</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+<p>Further F* checks that the binder is actually positive in the let definition</p>
+<p>See tests/micro-benchmarks/Positivity.fst and NegativeTests.Positivity.fst for a few examples</p>
+<h4>
+<a id="user-content-singleton" class="anchor" href="#singleton" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>singleton</h4>
+<p>Pure and ghost inner let bindings are now always inlined during
+the wp computation, if: the return type is not unit and the head
+symbol is not marked irreducible.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">singleton</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">})</span></pre></div>
+<p>To circumvent this behavior, singleton can be used.
+See the example usage in ulib/FStar.Algebra.Monoid.fst.</p>
+<h4>
+<a id="user-content-with_type" class="anchor" href="#with_type" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>with_type</h4>
+<p><code>with_type t e</code> is just an identity function, but it receives
+special treatment in the SMT encoding, where in addition to being
+an identity function, we have an SMT axiom:
+<code>forall t e.{:pattern (with_type t e)} has_type (with_type t e) t</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">with_type</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span></pre></div>
+<h4>
+<a id="user-content-eqtype_as_type" class="anchor" href="#eqtype_as_type" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>eqtype_as_type</h4>
+<p>A weakening coercion from eqtype to Type.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">eqtype_as_type</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span> <span class="pl-en">a</span></pre></div>
+<p>One of its uses is in types of layered effect combinators that
+are subjected to stricter typing discipline (no subtyping)</p>
+
 </body>
 </html>
diff --git a/docs/FStar.PredicateExtensionality.html b/docs/FStar.PredicateExtensionality.html
index c558cdc..0aa4e0e 100644
--- a/docs/FStar.PredicateExtensionality.html
+++ b/docs/FStar.PredicateExtensionality.html
@@ -1,16 +1,27 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.PredicateExtensionality</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.predicateextensionality">module FStar.PredicateExtensionality</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarpredicateextensionality" class="anchor" href="#fstarpredicateextensionality" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.PredicateExtensionality</h1>
+<ul>
+<li>Aliases module <a href="FStar.FunctionalExtensionality.html"> FStar.FunctionalExtensionality</a> as <code>F </code>
+</li>
+<li>Aliases module <a href="FStar.PropositionalExtensionality.html"> FStar.PropositionalExtensionality</a> as <code>P </code>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">predicate</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">prop</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">peq</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">p1</span><span class="pl-c1">:</span><span class="pl-en">predicate</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p2</span><span class="pl-c1">:</span><span class="pl-en">predicate</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-en">x</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p2</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">predicateExtensionality</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-en">p2</span><span class="pl-c1">:</span><span class="pl-en">predicate</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">peq</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">p1</span> <span class="pl-en">p2</span><span class="pl-c1">))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">F.</span><span class="pl-en">on_domain</span> <span class="pl-en">a</span> <span class="pl-en">p1</span><span class="pl-c1">==</span><span class="pl-smi">F.</span><span class="pl-en">on_domain</span> <span class="pl-en">a</span> <span class="pl-en">p2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">P.</span><span class="pl-en">axiom</span><span class="pl-c1">();</span>
+    <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-smi">F.</span><span class="pl-en">feq</span> <span class="pl-en">p1</span> <span class="pl-en">p2</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Preorder.html b/docs/FStar.Preorder.html
index 51afe67..78313ab 100644
--- a/docs/FStar.Preorder.html
+++ b/docs/FStar.Preorder.html
@@ -1,16 +1,25 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Preorder</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.preorder">module FStar.Preorder</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarpreorder" class="anchor" href="#fstarpreorder" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Preorder</h1>
+<p>Preordered relations and stable predicates</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">relation</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">predicate</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">reflexive</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">rel</span> <span class="pl-en">x</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">transitive</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">(</span><span class="pl-en">rel</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">/\</span> <span class="pl-en">rel</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">rel</span> <span class="pl-en">x</span> <span class="pl-en">z</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">preorder_rel</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">reflexive</span> <span class="pl-en">rel</span> <span class="pl-c1">/\</span> <span class="pl-en">transitive</span> <span class="pl-en">rel</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">preorder</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">preorder_rel</span> <span class="pl-en">rel</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">stable</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">predicate</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">preorder_rel</span> <span class="pl-en">rel</span><span class="pl-c1">})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span> <span class="pl-en">rel</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">y</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Printf.html b/docs/FStar.Printf.html
index 69b173e..ceb96dc 100644
--- a/docs/FStar.Printf.html
+++ b/docs/FStar.Printf.html
@@ -1,16 +1,214 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Printf</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.printf">module FStar.Printf</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarprintf" class="anchor" href="#fstarprintf" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Printf</h1>
+<ul>
+<li>
+<p>A variable arity C-style printf</p>
+</li>
+<li>
+<p>See tests/micro-benchmarks/Test.Printf.fst for example usage</p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Char.html">FStar.Char</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.String.html">FStar.String</a></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.Integers.html"> FStar.Integers</a> as <code>I </code></p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">extension</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">MkExtension</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">$</span><span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">extension</span></pre></div>
+<blockquote>
+<p><code>arg</code>: The format specifiers supported
+%b : bool
+%d : int
+%c : char
+%s : string
+%uy : U8.t
+%us : U16.t
+%ul : U32.t
+%uL : U64.t
+%y  : Int8.t
+%i  : Int16.t
+%l  : Int32.t
+%L  : Int64.t</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">arg</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Bool</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Int</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Char</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">String</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">U8</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">U16</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">U32</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">U64</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">I8</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">I16</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">I32</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">I64</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Extension</span> <span class="pl-en">of</span> <span class="pl-en">extension</span></pre></div>
+<blockquote>
+<p><code>arg_type</code>: Interpreting a <code>arg</code> tag as a type</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">arg_type</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">arg</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">a</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Bool</span>   <span class="pl-c1">-&gt;</span> <span class="pl-c1">bool</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Int</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Char</span>   <span class="pl-c1">-&gt;</span> <span class="pl-en">char</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">String</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">U8</span>     <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">U16</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">U32</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">U64</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">I8</span>     <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">I16</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">I32</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">I64</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Extension</span> <span class="pl-c1">(</span><span class="pl-c1">MkExtension</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-c1">_</span><span class="pl-c1">)</span>  <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">string_of_arg</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">arg</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">arg_type</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">a</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Bool</span>   <span class="pl-c1">-&gt;</span> <span class="pl-en">string_of_bool</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Int</span>    <span class="pl-c1">-&gt;</span> <span class="pl-en">string_of_int</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Char</span>   <span class="pl-c1">-&gt;</span> <span class="pl-en">string_of_char</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">String</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">U8</span>     <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt8.</span><span class="pl-en">to_string</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">U16</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt16.</span><span class="pl-en">to_string</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">U32</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt32.</span><span class="pl-en">to_string</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">U64</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt64.</span><span class="pl-en">to_string</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">I8</span>     <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int8.</span><span class="pl-en">to_string</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">I16</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int16.</span><span class="pl-en">to_string</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">I32</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int32.</span><span class="pl-en">to_string</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">I64</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Int64.</span><span class="pl-en">to_string</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Extension</span> <span class="pl-c1">(</span><span class="pl-c1">MkExtension</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span></pre></div>
+<blockquote>
+<p><code>dir</code>: Internal to this module
+A 'directive"; used when parsing a format specifier</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">dir</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Lit</span> <span class="pl-en">of</span> <span class="pl-en">char</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Arg</span> <span class="pl-en">of</span> <span class="pl-en">arg</span></pre></div>
+<blockquote>
+<p><code>dir_type ds</code>: Interpreting a list directives as a pure function type</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">dir_type</span> <span class="pl-c1">(</span><span class="pl-en">ds</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">dir</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">ds</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Lit</span> <span class="pl-en">c</span> <span class="pl-c1">::</span> <span class="pl-en">ds'</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">dir_type</span> <span class="pl-en">ds'</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Arg</span> <span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-en">ds'</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">arg_type</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">dir_type</span> <span class="pl-en">ds'</span></pre></div>
+<blockquote>
+<p><code>string_of_dirs ds</code>:
+Interpreting a list of directives as its function,
+in a continuation-passing style</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">string_of_dirs</span>
+        <span class="pl-c1">(</span><span class="pl-en">ds</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">dir</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">dir_type</span> <span class="pl-en">ds</span>
+  <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">ds</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Lit</span> <span class="pl-en">c</span> <span class="pl-c1">::</span> <span class="pl-en">ds'</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">string_of_dirs</span> <span class="pl-en">ds'</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">res</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span> <span class="pl-c1">(</span><span class="pl-en">string_of_char</span> <span class="pl-en">c</span> <span class="pl-c1">^</span> <span class="pl-en">res</span><span class="pl-c1">))</span>
+      <span class="pl-c1">&lt;:</span> <span class="pl-en">normalize_term</span> <span class="pl-c1">(</span><span class="pl-en">dir_type</span> <span class="pl-en">ds'</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Arg</span> <span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-en">ds'</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">arg_type</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">string_of_dirs</span> <span class="pl-en">ds'</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">res</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">((</span><span class="pl-en">k</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-pds">"</span></span><span class="pl-c1">)</span>
+                                     <span class="pl-c1">^</span> <span class="pl-en">string_of_arg</span> <span class="pl-en">x</span>
+                                     <span class="pl-c1">^</span> <span class="pl-en">res</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">extension_parser</span> <span class="pl-c1">=</span> <span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">char</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">extension</span> * <span class="pl-en">o</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">char</span><span class="pl-c1">{</span><span class="pl-en">o</span> &lt;&lt; <span class="pl-en">i</span><span class="pl-c1">})</span></pre></div>
+<blockquote>
+<p><code>parse_format s</code>:
+Parses a list of characters into a list of directives
+Or None, in case the format string is invalid</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">parse_format</span>
+      <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">char</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">parse_ext</span><span class="pl-c1">:</span> <span class="pl-en">extension_parser</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">dir</span><span class="pl-c1">)</span>
+    <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">add_dir</span> <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">:</span><span class="pl-en">dir</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ods</span> <span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">dir</span><span class="pl-c1">))</span>
+        <span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">dir</span><span class="pl-c1">)</span>
+        <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">ods</span> <span class="pl-k">with</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">ds</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">::</span><span class="pl-en">ds</span><span class="pl-c1">)</span>
+      <span class="pl-k">in</span>
+      <span class="pl-k">match</span> <span class="pl-en">s</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">[]</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-s">'<span class="pl-ii">%'] -&gt; None</span></span></pre></div>
+<p>Unsigned integers beging with '%u'</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-s">'<span class="pl-ii">%' :: 'u' :: s' -&gt; begin</span></span>
+<span class="pl-s"><span class="pl-ii">  match s' with</span></span>
+<span class="pl-s"><span class="pl-ii">  | 'y' :: s'' -&gt; add_dir (Arg U8) (parse_format s'' parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | 's' :: s'' -&gt; add_dir (Arg U16) (parse_format s'' parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | 'l' :: s'' -&gt; add_dir (Arg U32) (parse_format s'' parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | 'L' :: s'' -&gt; add_dir (Arg U64) (parse_format s'' parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | _ -&gt; None</span></span>
+<span class="pl-s"><span class="pl-ii">  end</span></span></pre></div>
+<p>User extensions begin with '%X'</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-s">'<span class="pl-ii">%' :: 'X' :: s' -&gt; begin</span></span>
+<span class="pl-s"><span class="pl-ii">  match parse_ext s' with</span></span>
+<span class="pl-s"><span class="pl-ii">  | Some (ext, rest) -&gt; add_dir (Arg (Extension ext)) (parse_format rest parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | _ -&gt; None</span></span>
+<span class="pl-s"><span class="pl-ii"> end</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-s">'<span class="pl-ii">%' :: c :: s' -&gt; begin</span></span>
+<span class="pl-s"><span class="pl-ii">  match c with</span></span>
+<span class="pl-s"><span class="pl-ii">  | '%' -&gt; add_dir (Lit '%')    (parse_format s' parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | 'b' -&gt; add_dir (Arg Bool)   (parse_format s' parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | 'd' -&gt; add_dir (Arg Int)    (parse_format s' parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | 'c' -&gt; add_dir (Arg Char)   (parse_format s' parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | 's' -&gt; add_dir (Arg String) (parse_format s' parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | 'y' -&gt; add_dir (Arg I8)     (parse_format s' parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | 'i' -&gt; add_dir (Arg I16)    (parse_format s' parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | 'l' -&gt; add_dir (Arg I32)    (parse_format s' parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | 'L' -&gt; add_dir (Arg I64)    (parse_format s' parse_ext)</span></span>
+<span class="pl-s"><span class="pl-ii">  | _   -&gt; None</span></span>
+<span class="pl-s"><span class="pl-ii">  end</span></span>
+<span class="pl-s"><span class="pl-ii">| c :: s' -&gt;</span></span>
+<span class="pl-s"><span class="pl-ii">  add_dir (Lit c) (parse_format s' parse_ext)</span></span></pre></div>
+<blockquote>
+<p><code>parse_format_string</code>: parses a format <code>string</code> into a list of directives</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">parse_format_string</span>
+    <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:string)</span>
+    <span class="pl-c1">(</span><span class="pl-en">parse_ext</span><span class="pl-c1">:</span><span class="pl-en">extension_parser</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">dir</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">parse_format</span> <span class="pl-c1">(</span><span class="pl-en">list_of_string</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">parse_ext</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">no_extensions</span> <span class="pl-c1">:</span> <span class="pl-en">extension_parser</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span></pre></div>
+<blockquote>
+<p><code>sprintf</code>: The main function of this module
+A variable arity string formatter
+Used as: <code>sprintf "format string" v1 ... vn</code></p>
+<pre><code>It's marked `inline_for_extraction`, meaning that we don't need
+any special support in our compilation targets to support sprintf
+
+`sprintf "Hello %s" "world"`
+ will just extract to `"Hello " ^ "world"`
+</code></pre>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">sprintf</span>
+    <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:string{</span><span class="pl-en">normalize_term</span> <span class="pl-c1">(</span><span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">parse_format_string</span> <span class="pl-en">s</span> <span class="pl-en">no_extensions</span><span class="pl-c1">)))})</span>
+    <span class="pl-c1">:</span> <span class="pl-en">normalize_term</span> <span class="pl-c1">(</span><span class="pl-en">dir_type</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">parse_format_string</span> <span class="pl-en">s</span> <span class="pl-en">no_extensions</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">=</span> <span class="pl-en">normalize_term</span> <span class="pl-c1">(</span><span class="pl-en">string_of_dirs</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">parse_format_string</span> <span class="pl-en">s</span> <span class="pl-en">no_extensions</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<blockquote>
+<p><code>ext_sprintf</code>: An extensible version of sprintf</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">ext_sprintf</span>
+    <span class="pl-c1">(</span><span class="pl-en">parse_ext</span><span class="pl-c1">:</span> <span class="pl-en">extension_parser</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:string{</span><span class="pl-en">normalize_term</span> <span class="pl-c1">(</span><span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">parse_format_string</span> <span class="pl-en">s</span> <span class="pl-en">parse_ext</span><span class="pl-c1">)))})</span>
+    <span class="pl-c1">:</span> <span class="pl-en">normalize_term</span> <span class="pl-c1">(</span><span class="pl-en">dir_type</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">parse_format_string</span> <span class="pl-en">s</span> <span class="pl-en">parse_ext</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">=</span> <span class="pl-en">normalize_term</span> <span class="pl-c1">(</span><span class="pl-en">string_of_dirs</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">parse_format_string</span> <span class="pl-en">s</span> <span class="pl-en">parse_ext</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.PropositionalExtensionality.html b/docs/FStar.PropositionalExtensionality.html
index 036ede0..4cd4a98 100644
--- a/docs/FStar.PropositionalExtensionality.html
+++ b/docs/FStar.PropositionalExtensionality.html
@@ -1,16 +1,43 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.PropositionalExtensionality</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.propositionalextensionality">module FStar.PropositionalExtensionality</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarpropositionalextensionality" class="anchor" href="#fstarpropositionalextensionality" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.PropositionalExtensionality</h1>
+<ul>
+<li>
+</li>
+<li>The propositional extensionality axiom asserts the equality of</li>
+<li>equisatisfiable propositions.</li>
+<li>
+</li>
+<li>The formulation of this axiom is (clearly) tied closely to the</li>
+<li>precise definition of <code>prop</code>.</li>
+<li>
+</li>
+<li>
+<code>Prims.prop</code> is defined as the type of all subtypes of <code>unit</code>,</li>
+<li>including, e.g., <code>squash t</code>, for all <code>t</code>.</li>
+<li>
+</li>
+<li>Note, we have considered several other plausible definitions of</li>
+<li>
+<code>prop</code>, but some of which are actually inconsistent with this</li>
+<li>axiom.  See, for instance,</li>
+<li>examples/paradoxes/PropositionalExtensionalityInconsistent.fst.</li>
+<li>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span>
+<span class="pl-k">val</span> <span class="pl-en">axiom</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:unit)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-en">p2</span><span class="pl-c1">:</span><span class="pl-en">prop</span><span class="pl-c1">).</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p2</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-c1">==</span> <span class="pl-en">p2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">apply</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-en">p2</span><span class="pl-c1">:</span><span class="pl-en">prop</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">((</span><span class="pl-en">p1</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p2</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">p1</span> <span class="pl-c1">==</span> <span class="pl-en">p2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">axiom</span> <span class="pl-c1">()</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Range.html b/docs/FStar.Range.html
index 8bf7fb5..58a0874 100644
--- a/docs/FStar.Range.html
+++ b/docs/FStar.Range.html
@@ -1,16 +1,15 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Range</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.range">module FStar.Range</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarrange" class="anchor" href="#fstarrange" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Range</h1>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">range</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">prims_to_fstar_range</span> <span class="pl-c1">:</span> <span class="pl-smi">Prims.</span><span class="pl-en">range</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">range</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Real.html b/docs/FStar.Real.html
index 99dc9e6..5baee82 100644
--- a/docs/FStar.Real.html
+++ b/docs/FStar.Real.html
@@ -1,16 +1,77 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Real</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.real">module FStar.Real</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarreal" class="anchor" href="#fstarreal" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Real</h1>
+<p>This module provides a signature for real arithmetic.</p>
+<p>Real number constants can be specific in floating point format with
+an 'R' suffix, e.g., 1.0R</p>
+<p>All these operations are mapped to the correspondings primitives
+in Z3's theory of real arithmetic.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">real</span> <span class="pl-c1">:</span> <span class="pl-c1">eqtype</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">of_int</span> <span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">real</span></pre></div>
+<h4>
+<a id="user-content-of_string" class="anchor" href="#of_string" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>of_string</h4>
+<p>Used to extract real constants; this function is
+uninterpreted logically. i.e., 1.1R is extracted to
+<code>of_string "1.1"</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">of_string</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">real</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-c1">(</span> <span class="pl-c1">+.</span> <span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">real</span>
+<span class="pl-k">val</span> <span class="pl-c1">(</span> <span class="pl-c1">-.</span> <span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">real</span>
+<span class="pl-k">val</span> <span class="pl-c1">(</span> *<span class="pl-c1">.</span> <span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">real</span>
+<span class="pl-k">val</span> <span class="pl-c1">(</span> /<span class="pl-c1">.</span> <span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">d</span><span class="pl-c1">:</span><span class="pl-en">real</span><span class="pl-c1">{</span><span class="pl-en">d</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">.</span>0R<span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">real</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-c1">(</span> &gt;<span class="pl-c1">.</span>  <span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span>
+<span class="pl-k">val</span> <span class="pl-c1">(</span> &gt;<span class="pl-c1">=.</span> <span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-c1">(</span> &lt;<span class="pl-c1">.</span>  <span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span>
+<span class="pl-k">val</span> <span class="pl-c1">(</span> &lt;<span class="pl-c1">=.</span> <span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">real</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#reset-options</span> "<span class="pl-s">--smtencoding.elim_box true --smtencoding.l_arith_repr native --smtencoding.nl_arith_repr native</span>"</pre></div>
+<p>Tests</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">zero</span> <span class="pl-c1">:</span> <span class="pl-en">real</span> <span class="pl-c1">=</span> <span class="pl-en">of_int</span> <span class="pl-c1">0</span>
+<span class="pl-k">let</span> <span class="pl-en">one</span> <span class="pl-c1">:</span> <span class="pl-en">real</span> <span class="pl-c1">=</span> <span class="pl-en">of_int</span> <span class="pl-c1">1</span>
+<span class="pl-k">let</span> <span class="pl-en">two</span> <span class="pl-c1">:</span> <span class="pl-en">real</span> <span class="pl-c1">=</span> <span class="pl-en">of_int</span> <span class="pl-c1">2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sqrt_2</span> <span class="pl-c1">:</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">real</span><span class="pl-c1">{</span><span class="pl-en">r</span> *<span class="pl-c1">.</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">two</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">n_over_n2</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:</span><span class="pl-en">real</span><span class="pl-c1">{</span><span class="pl-en">n</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">.</span>0R <span class="pl-c1">/\</span> <span class="pl-en">n</span>*<span class="pl-c1">.</span><span class="pl-en">n</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">.</span>0R<span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">n</span> /<span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">n</span> *<span class="pl-c1">.</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R /<span class="pl-c1">.</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">test</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">two</span> &gt;<span class="pl-c1">.</span> <span class="pl-en">one</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">test1</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">one</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">test_lt1</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">1</span><span class="pl-c1">.</span>0R &lt;<span class="pl-c1">.</span> <span class="pl-c1">2</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">test_lt2</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-c1">1</span><span class="pl-c1">.</span>0R &lt;<span class="pl-c1">.</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R<span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">test_lt3</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-c1">2</span><span class="pl-c1">.</span>0R &lt;<span class="pl-c1">.</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R<span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">test_le1</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">1</span><span class="pl-c1">.</span>0R &lt;<span class="pl-c1">=.</span> <span class="pl-c1">2</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">test_le2</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">1</span><span class="pl-c1">.</span>0R &lt;<span class="pl-c1">=.</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">test_le3</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-c1">2</span><span class="pl-c1">.</span>0R &lt;<span class="pl-c1">=.</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R<span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">test_gt1</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-c1">1</span><span class="pl-c1">.</span>0R &gt;<span class="pl-c1">.</span> <span class="pl-c1">2</span><span class="pl-c1">.</span>0R<span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">test_gt2</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-c1">1</span><span class="pl-c1">.</span>0R &gt;<span class="pl-c1">.</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R<span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">test_gt3</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">2</span><span class="pl-c1">.</span>0R &gt;<span class="pl-c1">.</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">test_ge1</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-c1">1</span><span class="pl-c1">.</span>0R &gt;<span class="pl-c1">=.</span> <span class="pl-c1">2</span><span class="pl-c1">.</span>0R<span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">test_ge2</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">1</span><span class="pl-c1">.</span>0R &gt;<span class="pl-c1">=.</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">test_ge3</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">2</span><span class="pl-c1">.</span>0R &gt;<span class="pl-c1">=.</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">test_add_eq</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">1</span><span class="pl-c1">.</span>0R <span class="pl-c1">+.</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R <span class="pl-c1">=</span> <span class="pl-c1">2</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">test_add_eq'</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">1</span><span class="pl-c1">.</span>0R <span class="pl-c1">+.</span> <span class="pl-c1">3</span><span class="pl-c1">.</span>0R <span class="pl-c1">=</span> <span class="pl-c1">4</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">test_add_lt</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">1</span><span class="pl-c1">.</span>0R <span class="pl-c1">+.</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R &lt;<span class="pl-c1">.</span> <span class="pl-c1">3</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">test_mul_eq</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">2</span><span class="pl-c1">.</span>0R *<span class="pl-c1">.</span> <span class="pl-c1">2</span><span class="pl-c1">.</span>0R <span class="pl-c1">=</span> <span class="pl-c1">4</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">test_mul_lt</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">2</span><span class="pl-c1">.</span>0R *<span class="pl-c1">.</span> <span class="pl-c1">2</span><span class="pl-c1">.</span>0R &lt;<span class="pl-c1">.</span> <span class="pl-c1">5</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">test_div_eq</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">8</span><span class="pl-c1">.</span>0R /<span class="pl-c1">.</span> <span class="pl-c1">2</span><span class="pl-c1">.</span>0R <span class="pl-c1">=</span> <span class="pl-c1">4</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">test_div_lt</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">8</span><span class="pl-c1">.</span>0R /<span class="pl-c1">.</span> <span class="pl-c1">2</span><span class="pl-c1">.</span>0R &lt;<span class="pl-c1">.</span> <span class="pl-c1">5</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">test_sqrt_2_mul</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">sqrt_2</span> *<span class="pl-c1">.</span> <span class="pl-en">sqrt_2</span> <span class="pl-c1">=</span> <span class="pl-c1">2</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span></pre></div>
+<p>let test_sqrt_2_add = assert (sqrt_2 +. sqrt_2 &gt;. 2.0R) // Fails</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">test_sqrt_2_scale</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-c1">1</span><span class="pl-c1">.</span>0R /<span class="pl-c1">.</span> <span class="pl-en">sqrt_2</span> <span class="pl-c1">=</span> <span class="pl-en">sqrt_2</span> /<span class="pl-c1">.</span> <span class="pl-c1">2</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span></pre></div>
+<p>Common identities</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">add_id_l</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">n</span><span class="pl-c1">.</span> <span class="pl-c1">0</span><span class="pl-c1">.</span>0R <span class="pl-c1">+.</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">add_id_r</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">n</span><span class="pl-c1">.</span> <span class="pl-en">n</span> <span class="pl-c1">+.</span> <span class="pl-c1">0</span><span class="pl-c1">.</span>0R <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mul_nil_l</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">n</span><span class="pl-c1">.</span> <span class="pl-c1">0</span><span class="pl-c1">.</span>0R *<span class="pl-c1">.</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mul_nil_r</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">n</span><span class="pl-c1">.</span> <span class="pl-en">n</span> *<span class="pl-c1">.</span> <span class="pl-c1">0</span><span class="pl-c1">.</span>0R <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">.</span>0R<span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mul_id_l</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">n</span><span class="pl-c1">.</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R *<span class="pl-c1">.</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mul_id_r</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">n</span><span class="pl-c1">.</span> <span class="pl-en">n</span> *<span class="pl-c1">.</span> <span class="pl-c1">1</span><span class="pl-c1">.</span>0R <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">add_comm</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">x</span> <span class="pl-c1">+.</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">y</span> <span class="pl-c1">+.</span><span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">add_assoc</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+.</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">+.</span><span class="pl-en">z</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+.</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">+.</span> <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mul_comm</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">x</span> *<span class="pl-c1">.</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">y</span> *<span class="pl-c1">.</span><span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mul_assoc</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">.</span> <span class="pl-en">y</span><span class="pl-c1">)</span> *<span class="pl-c1">.</span><span class="pl-en">z</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">.</span> <span class="pl-en">y</span><span class="pl-c1">)</span> *<span class="pl-c1">.</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mul_dist</span> <span class="pl-c1">=</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">.</span> <span class="pl-en">x</span> *<span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">y</span> <span class="pl-c1">+.</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">.</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">+.</span> <span class="pl-c1">(</span><span class="pl-en">x</span> *<span class="pl-c1">.</span><span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Ref.html b/docs/FStar.Ref.html
index a3093d5..f0029ba 100644
--- a/docs/FStar.Ref.html
+++ b/docs/FStar.Ref.html
@@ -1,16 +1,65 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Ref</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.ref">module FStar.Ref</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarref" class="anchor" href="#fstarref" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Ref</h1>
+<p>wrapper over FStar.ST to provide operations over refs with default preorder</p>
+<ul>
+<li>
+<p>Includes module <a href="FStar.Heap.html">FStar.Heap</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.ST.html">FStar.ST</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Heap.html">FStar.Heap</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.ST.html">FStar.ST</a></p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">sel</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">ref</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-en">a</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">upd</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">ref</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-en">heap</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">upd</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-en">v</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">addr_of</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">ref</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">nat</span> <span class="pl-c1">=</span> <span class="pl-en">addr_of</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">contains</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">ref</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">unused_in</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">ref</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">unused_in</span> <span class="pl-en">r</span> <span class="pl-en">h</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">fresh</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">ref</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">fresh</span> <span class="pl-en">r</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">only</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">ref</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Heap.</span><span class="pl-en">only</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">recall</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">ref</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">STATE</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">()</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">recall</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">recall</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">alloc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">ref</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span>       <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">r</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fresh</span> <span class="pl-en">r</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">modifies</span> <span class="pl-smi">Set.</span><span class="pl-en">empty</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">init</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">alloc</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-en">init</span> <span class="pl-c1">=</span> <span class="pl-en">alloc</span> <span class="pl-en">init</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">read</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">ref</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">STATE</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">read</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">read</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">write</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">ref</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">only</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">equal_dom</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">v</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">write</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-en">r</span> <span class="pl-en">v</span> <span class="pl-c1">=</span> <span class="pl-en">write</span> <span class="pl-en">r</span> <span class="pl-en">v</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">op_Bang</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">ref</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">STATE</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Bang</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">read</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">op_Colon_Equals</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">ref</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-c1">_</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-en">only</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">equal_dom</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">v</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Colon_Equals</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-en">r</span> <span class="pl-en">v</span> <span class="pl-c1">=</span> <span class="pl-en">write</span> <span class="pl-en">r</span> <span class="pl-en">v</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Reflection.Arith.html b/docs/FStar.Reflection.Arith.html
index 75add2a..490a289 100644
--- a/docs/FStar.Reflection.Arith.html
+++ b/docs/FStar.Reflection.Arith.html
@@ -1,16 +1,242 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Reflection.Arith</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.reflection.arith">module FStar.Reflection.Arith</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarreflectionarith" class="anchor" href="#fstarreflectionarith" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Reflection.Arith</h1>
+<ul>
+<li>
+<p>Opens module <a href="FStar.Tactics.html">FStar.Tactics</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Reflection.html">FStar.Reflection</a></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.Order.html"> FStar.Order</a> as <code>O </code></p>
+</li>
+<li>
+<p>Simple decision procedure to decide if a term is an "arithmetic</p>
+</li>
+<li>
+<p>proposition", by which we mean a simple relation between two</p>
+</li>
+<li>
+<p>arithmetic expressions (each representing integers or naturals)</p>
+</li>
+<li>
+</li>
+<li>
+<p>Main use case: deciding, in a tactic, if a goal is an arithmetic</p>
+</li>
+<li>
+<p>expression and applying a custom decision procedure there (instead of</p>
+</li>
+<li>
+<p>feeding to the SMT solver)</p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">expr</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Lit</span>     <span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span></pre></div>
+<p>atom, contains both a numerical ID and the actual term encountered
+| Div   : expr -&gt; expr -&gt; expr // Add this one?</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Atom</span>    <span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Plus</span>    <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Mult</span>    <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Minus</span>   <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Land</span>    <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Lxor</span>    <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Lor</span>     <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Ladd</span>    <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Lsub</span>    <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Shl</span>     <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Shr</span>     <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Neg</span>     <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Udiv</span>    <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Umod</span>    <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">MulMod</span>  <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">NatToBv</span> <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">connective</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Lt</span> <span class="pl-c1">|</span> <span class="pl-c1">C_Eq</span> <span class="pl-c1">|</span> <span class="pl-c1">C_Gt</span> <span class="pl-c1">|</span> <span class="pl-c1">C_Ne</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">prop</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">CompProp</span> <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">connective</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">prop</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">AndProp</span>  <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">prop</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">prop</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">OrProp</span>   <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">prop</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">prop</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">NotProp</span>  <span class="pl-c1">:</span> <span class="pl-en">prop</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">prop</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lt</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">=</span> <span class="pl-c1">CompProp</span> <span class="pl-en">e1</span> <span class="pl-c1">C_Lt</span> <span class="pl-en">e2</span>
+<span class="pl-k">let</span> <span class="pl-en">le</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">=</span> <span class="pl-c1">CompProp</span> <span class="pl-en">e1</span> <span class="pl-c1">C_Lt</span> <span class="pl-c1">(</span><span class="pl-c1">Plus</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">e2</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">=</span> <span class="pl-c1">CompProp</span> <span class="pl-en">e1</span> <span class="pl-c1">C_Eq</span> <span class="pl-en">e2</span>
+<span class="pl-k">let</span> <span class="pl-en">ne</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">=</span> <span class="pl-c1">CompProp</span> <span class="pl-en">e1</span> <span class="pl-c1">C_Ne</span> <span class="pl-en">e2</span>
+<span class="pl-k">let</span> <span class="pl-en">gt</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">=</span> <span class="pl-c1">CompProp</span> <span class="pl-en">e1</span> <span class="pl-c1">C_Gt</span> <span class="pl-en">e2</span>
+<span class="pl-k">let</span> <span class="pl-en">ge</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">=</span> <span class="pl-c1">CompProp</span> <span class="pl-c1">(</span><span class="pl-c1">Plus</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">e1</span><span class="pl-c1">)</span> <span class="pl-c1">C_Gt</span> <span class="pl-en">e2</span></pre></div>
+<p>Define a traversal monad! Makes exception handling and counter-keeping easy</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">st</span> <span class="pl-c1">=</span> <span class="pl-en">p</span><span class="pl-c1">:(nat</span> * <span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">){</span><span class="pl-en">fst</span> <span class="pl-en">p</span> <span class="pl-c1">==</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-en">p</span><span class="pl-c1">)}</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">tm</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">st</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">either</span> <span class="pl-c1">string</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">st</span><span class="pl-c1">))</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">tm</span> <span class="pl-smi">'a</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Inr</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">bind</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">:</span> <span class="pl-en">tm</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tm</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">tm</span> <span class="pl-smi">'b</span> <span class="pl-c1">=</span>
+    <span class="pl-k">fun</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">match</span> <span class="pl-en">m</span> <span class="pl-en">i</span> <span class="pl-k">with</span>
+             <span class="pl-c1">|</span> <span class="pl-c1">Inr</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">j</span>
+             <span class="pl-c1">|</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Inl</span> <span class="pl-c1">(</span><span class="pl-c1">Inl</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c">// why? To have a catch-all pattern and thus an easy WP</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lift</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tm</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lift</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">st</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">Inr</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">st</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">liftM</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">tm</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tm</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">liftM</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span>
+    <span class="pl-en">xx</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">xx</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">liftM2</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'c</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">tm</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tm</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tm</span> <span class="pl-smi">'c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">liftM2</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span>
+    <span class="pl-en">xx</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-en">yy</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">y</span><span class="pl-c1">;</span>
+    <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">xx</span> <span class="pl-en">yy</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">liftM3</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'d</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">tm</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tm</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tm</span> <span class="pl-smi">'c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tm</span> <span class="pl-smi">'d</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">liftM3</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">=</span>
+    <span class="pl-en">xx</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-en">yy</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">y</span><span class="pl-c1">;</span>
+    <span class="pl-en">zz</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">z</span><span class="pl-c1">;</span>
+    <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">xx</span> <span class="pl-en">yy</span> <span class="pl-en">zz</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">find_idx</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">l</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-c1">((</span><span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">})</span> * <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+    <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xs</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-en">x</span>
+        <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-c1">0</span><span class="pl-c1">,</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+        <span class="pl-k">else</span> <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">find_idx</span> <span class="pl-en">f</span> <span class="pl-en">xs</span> <span class="pl-k">with</span>
+             <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+             <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">,</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">,</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+             <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">atom</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">tm</span> <span class="pl-en">expr</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">,</span> <span class="pl-en">atoms</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">match</span> <span class="pl-en">find_idx</span> <span class="pl-c1">(</span><span class="pl-en">term_eq</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-en">atoms</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Inr</span> <span class="pl-c1">(</span><span class="pl-c1">Atom</span> <span class="pl-en">n</span> <span class="pl-en">t</span><span class="pl-c1">,</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">,</span> <span class="pl-en">t</span><span class="pl-c1">::</span><span class="pl-en">atoms</span><span class="pl-c1">))</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">,</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Inr</span> <span class="pl-c1">(</span><span class="pl-c1">Atom</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-c1">-</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-en">t</span><span class="pl-c1">,</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">,</span> <span class="pl-en">atoms</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">fail</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tm</span> <span class="pl-en">a</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">fail</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Inl</span> <span class="pl-en">s</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">refined_list_t</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0))</span> <span class="pl-c1">=</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">})</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">list_unref</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">refined_list_t</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">memP</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">list_unref</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-en">l</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">list_unref</span> <span class="pl-en">xs</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">collect_app_ref</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">((</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">{</span><span class="pl-en">h</span> <span class="pl-c1">==</span> <span class="pl-en">t</span> <span class="pl-c1">\/</span> <span class="pl-en">h</span> &lt;&lt; <span class="pl-en">t</span><span class="pl-c1">})</span> * <span class="pl-en">refined_list_t</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">argv</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fst</span> <span class="pl-en">a</span> &lt;&lt; <span class="pl-en">t</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-en">collect_app_ref</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">as_arith_expr</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tm</span> <span class="pl-en">expr</span>
+<span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--initial_fuel 4 --max_fuel 4<span class="pl-pds">"</span></span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">as_arith_expr</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">hd</span><span class="pl-c1">,</span> <span class="pl-en">tl</span> <span class="pl-c1">=</span> <span class="pl-en">collect_app_ref</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">tl</span> <span class="pl-c1">=</span> <span class="pl-en">list_unref</span> <span class="pl-en">tl</span> <span class="pl-k">in</span> <span class="pl-c">//need to be careful to instantiate list_unref at the right type to allow SMT to unfold its recursive definition properly</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">hd</span><span class="pl-c1">,</span> <span class="pl-en">tl</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">[(</span><span class="pl-en">e1</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">e2</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)</span> <span class="pl-c1">;</span> <span class="pl-c1">(</span><span class="pl-en">e3</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">e2'</span> <span class="pl-c1">=</span> <span class="pl-en">as_arith_expr</span> <span class="pl-en">e2</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">e3'</span> <span class="pl-c1">=</span> <span class="pl-en">as_arith_expr</span> <span class="pl-en">e3</span> <span class="pl-k">in</span>
+      <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">land_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">Land</span> <span class="pl-en">e2'</span> <span class="pl-en">e3'</span>
+      <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">lxor_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">Lxor</span> <span class="pl-en">e2'</span> <span class="pl-en">e3'</span>
+      <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">lor_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">Lor</span> <span class="pl-en">e2'</span> <span class="pl-en">e3'</span>
+      <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">shiftr_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">Shr</span> <span class="pl-en">e2'</span> <span class="pl-en">e3'</span>
+      <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">shiftl_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">Shl</span> <span class="pl-en">e2'</span> <span class="pl-en">e3'</span>
+      <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">udiv_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">Udiv</span> <span class="pl-en">e2'</span> <span class="pl-en">e3'</span>
+      <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">umod_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">Umod</span> <span class="pl-en">e2'</span> <span class="pl-en">e3'</span>
+      <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">mul_mod_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">MulMod</span> <span class="pl-en">e2'</span> <span class="pl-en">e3'</span>
+      <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">ladd_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">Ladd</span> <span class="pl-en">e2'</span> <span class="pl-en">e3'</span>
+      <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">lsub_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">Lsub</span> <span class="pl-en">e2'</span> <span class="pl-en">e3'</span>
+      <span class="pl-k">else</span> <span class="pl-en">atom</span> <span class="pl-en">t</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">[(</span><span class="pl-en">l</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-k">in</span></pre></div>
+<p>Have to go through hoops to get F* to typecheck this.
+Maybe the do notation is twisting the terms somehow unexpected?</p>
+<div class="highlight highlight-source-fstar"><pre>        <span class="pl-k">let</span> <span class="pl-en">ll</span> <span class="pl-c1">=</span> <span class="pl-en">as_arith_expr</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">rr</span> <span class="pl-c1">=</span> <span class="pl-en">as_arith_expr</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+        <span class="pl-k">if</span>      <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">add_qn</span>   <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">Plus</span> <span class="pl-en">ll</span> <span class="pl-en">rr</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">minus_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">Minus</span> <span class="pl-en">ll</span> <span class="pl-en">rr</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">mult_qn</span>  <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">Mult</span> <span class="pl-en">ll</span> <span class="pl-en">rr</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">mult'_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM2</span> <span class="pl-c1">Mult</span> <span class="pl-en">ll</span> <span class="pl-en">rr</span>
+        <span class="pl-k">else</span> <span class="pl-en">atom</span> <span class="pl-en">t</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">[(</span><span class="pl-en">l</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">ll</span> <span class="pl-c1">=</span> <span class="pl-en">as_arith_expr</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">rr</span> <span class="pl-c1">=</span> <span class="pl-en">as_arith_expr</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+        <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">nat_bv_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM</span> <span class="pl-c1">NatToBv</span> <span class="pl-en">rr</span>
+        <span class="pl-k">else</span> <span class="pl-en">atom</span> <span class="pl-en">t</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">[(</span><span class="pl-en">a</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">aa</span> <span class="pl-c1">=</span> <span class="pl-en">as_arith_expr</span> <span class="pl-en">a</span> <span class="pl-k">in</span>
+        <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">neg_qn</span> <span class="pl-k">then</span> <span class="pl-en">liftM</span> <span class="pl-c1">Neg</span> <span class="pl-en">aa</span>
+        <span class="pl-k">else</span> <span class="pl-en">atom</span> <span class="pl-en">t</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Const</span> <span class="pl-c1">(</span><span class="pl-c1">C_Int</span> <span class="pl-en">i</span><span class="pl-c1">),</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">atom</span> <span class="pl-en">t</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_arith_expr</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tm</span> <span class="pl-en">expr</span>
+<span class="pl-k">let</span> <span class="pl-en">is_arith_expr</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+  <span class="pl-en">a</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">as_arith_expr</span> <span class="pl-en">t</span> <span class="pl-c1">;</span>
+  <span class="pl-k">match</span> <span class="pl-en">a</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Atom</span> <span class="pl-c1">_</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">begin</span>
+    <span class="pl-k">let</span> <span class="pl-en">hd</span><span class="pl-c1">,</span> <span class="pl-en">tl</span> <span class="pl-c1">=</span> <span class="pl-en">collect_app_ref</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">hd</span><span class="pl-c1">,</span> <span class="pl-en">tl</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_BVar</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Var</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">return</span> <span class="pl-en">a</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>not an arithmetic expression: (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">t</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span><span class="pl-c1">)</span>
+  <span class="pl-k">end</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">return</span> <span class="pl-en">a</span></pre></div>
+<p>Cannot use this...
+val is_arith_prop : term -&gt; tm prop</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_arith_prop</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">st</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">either</span> <span class="pl-c1">string</span> <span class="pl-c1">(</span><span class="pl-en">prop</span> * <span class="pl-en">st</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">is_arith_prop</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">lift</span> <span class="pl-en">term_as_formula</span> <span class="pl-en">t</span><span class="pl-c1">;</span>
+    <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-en">r</span>     <span class="pl-c1">-&gt;</span> <span class="pl-en">liftM2</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_expr</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_expr</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">BoolEq</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">liftM2</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_expr</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_expr</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Lt</span> <span class="pl-en">l</span> <span class="pl-en">r</span>     <span class="pl-c1">-&gt;</span> <span class="pl-en">liftM2</span> <span class="pl-en">lt</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_expr</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_expr</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Le</span> <span class="pl-en">l</span> <span class="pl-en">r</span>     <span class="pl-c1">-&gt;</span> <span class="pl-en">liftM2</span> <span class="pl-en">le</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_expr</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_expr</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">And</span> <span class="pl-en">l</span> <span class="pl-en">r</span>         <span class="pl-c1">-&gt;</span> <span class="pl-en">liftM2</span> <span class="pl-c1">AndProp</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_prop</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_prop</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Or</span> <span class="pl-en">l</span> <span class="pl-en">r</span>          <span class="pl-c1">-&gt;</span> <span class="pl-en">liftM2</span>  <span class="pl-c1">OrProp</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_prop</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_prop</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span>               <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>connector (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">t</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span><span class="pl-c1">))</span> <span class="pl-en">i</span></pre></div>
+<p>Run the monadic computations, disregard the counter</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">run_tm</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">:</span> <span class="pl-en">tm</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">either</span> <span class="pl-c1">string</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-c1">0</span><span class="pl-c1">,</span> <span class="pl-c1">[])</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Inr</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Inr</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Inl</span> <span class="pl-c1">(</span><span class="pl-c1">Inl</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c">// why? To have a catch-all pattern and thus an easy WP</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">expr_to_string</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:</span><span class="pl-en">expr</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">e</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Atom</span> <span class="pl-en">i</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>a<span class="pl-pds">"</span></span><span class="pl-c1">^(</span><span class="pl-en">string_of_int</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Lit</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">string_of_int</span> <span class="pl-en">i</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Plus</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> + <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Minus</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> - <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> * <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Neg</span> <span class="pl-en">l</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(- <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Land</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> &amp; <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Lor</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> | <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Lxor</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> ^ <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Ladd</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> &gt;&gt; <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Lsub</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> &gt;&gt; <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Shl</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> &lt;&lt; <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Shr</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> &gt;&gt; <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">NatToBv</span> <span class="pl-en">l</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>to_vec <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Udiv</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> / <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Umod</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> % <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">MulMod</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> ** <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">expr_to_string</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">compare_expr</span> <span class="pl-c1">(</span><span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">:</span> <span class="pl-en">expr</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-smi">O.</span><span class="pl-en">order</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">e1</span><span class="pl-c1">,</span> <span class="pl-en">e2</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Lit</span> <span class="pl-en">i</span><span class="pl-c1">,</span> <span class="pl-c1">Lit</span> <span class="pl-en">j</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">O.</span><span class="pl-en">compare_int</span> <span class="pl-en">i</span> <span class="pl-en">j</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Atom</span> <span class="pl-c1">_</span> <span class="pl-en">t</span><span class="pl-c1">,</span> <span class="pl-c1">Atom</span> <span class="pl-c1">_</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_term</span> <span class="pl-en">t</span> <span class="pl-en">s</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Plus</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">,</span> <span class="pl-c1">Plus</span> <span class="pl-en">r1</span> <span class="pl-en">r2</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Minus</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">,</span> <span class="pl-c1">Minus</span> <span class="pl-en">r1</span> <span class="pl-en">r2</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">,</span> <span class="pl-c1">Mult</span> <span class="pl-en">r1</span> <span class="pl-en">r2</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">O.</span><span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_expr</span> <span class="pl-en">l1</span> <span class="pl-en">r1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_expr</span> <span class="pl-en">l2</span> <span class="pl-en">r2</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Neg</span> <span class="pl-en">e1</span><span class="pl-c1">,</span> <span class="pl-c1">Neg</span> <span class="pl-en">e2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_expr</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Lit</span> <span class="pl-c1">_</span><span class="pl-c1">,</span>    <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">O.</span><span class="pl-c1">Lt</span>    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Lit</span> <span class="pl-c1">_</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">O.</span><span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Atom</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">O.</span><span class="pl-c1">Lt</span>    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Atom</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">O.</span><span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Plus</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">O.</span><span class="pl-c1">Lt</span>    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Plus</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">O.</span><span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">O.</span><span class="pl-c1">Lt</span>    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Mult</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">O.</span><span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Neg</span> <span class="pl-c1">_</span><span class="pl-c1">,</span>    <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">O.</span><span class="pl-c1">Lt</span>    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Neg</span> <span class="pl-c1">_</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">O.</span><span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">O.</span><span class="pl-c1">Gt</span> <span class="pl-c">// don't care about this for now</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Reflection.Builtins.html b/docs/FStar.Reflection.Builtins.html
new file mode 100644
index 0000000..608ba5d
--- /dev/null
+++ b/docs/FStar.Reflection.Builtins.html
@@ -0,0 +1,92 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title>FStar.Reflection.Builtins</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
+</head>
+<body>
+<h1>
+<a id="user-content-fstarreflectionbuiltins" class="anchor" href="#fstarreflectionbuiltins" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Reflection.Builtins</h1>
+<ul>
+<li>Opens module <a href="FStar.Order.html">FStar.Order</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Types.html">FStar.Reflection.Types</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Data.html">FStar.Reflection.Data</a>
+</li>
+</ul>
+<p>Views</p>
+<p>NOTE: You probably want inspect/pack from FStar.Tactics, which work</p>
+<ul>
+<li>over a fully named representation. If you use these, you have to</li>
+<li>work with de Bruijn indices (using Tv_BVar). The only reason these</li>
+<li>two exists is that they can be made Tot, and hence can be used in</li>
+<li>specifications.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inspect_ln</span>     <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tv</span><span class="pl-c1">:</span><span class="pl-en">term_view</span><span class="pl-c1">{</span><span class="pl-en">smaller</span> <span class="pl-en">tv</span> <span class="pl-en">t</span><span class="pl-c1">}</span>
+<span class="pl-k">val</span> <span class="pl-en">pack_ln</span>        <span class="pl-c1">:</span> <span class="pl-en">term_view</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pack_inspect_inv</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-en">inspect_ln</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">inspect_pack_inv</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">tv</span><span class="pl-c1">:</span><span class="pl-en">term_view</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">inspect_ln</span> <span class="pl-c1">(</span><span class="pl-en">pack_ln</span> <span class="pl-en">tv</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">tv</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inspect_comp</span>   <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">comp</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cv</span><span class="pl-c1">:</span><span class="pl-en">comp_view</span><span class="pl-c1">{</span><span class="pl-en">smaller_comp</span> <span class="pl-en">cv</span> <span class="pl-en">c</span><span class="pl-c1">}</span>
+<span class="pl-k">val</span> <span class="pl-en">pack_comp</span>      <span class="pl-c1">:</span> <span class="pl-en">comp_view</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">comp</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inspect_sigelt</span> <span class="pl-c1">:</span> <span class="pl-en">sigelt</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">sigelt_view</span>
+<span class="pl-k">val</span> <span class="pl-en">pack_sigelt</span>    <span class="pl-c1">:</span> <span class="pl-en">sigelt_view</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">sigelt</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inspect_fv</span>     <span class="pl-c1">:</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">name</span>
+<span class="pl-k">val</span> <span class="pl-en">pack_fv</span>        <span class="pl-c1">:</span> <span class="pl-en">name</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fv</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inspect_bv</span>     <span class="pl-c1">:</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">bv_view</span>
+<span class="pl-k">val</span> <span class="pl-en">pack_bv</span>        <span class="pl-c1">:</span> <span class="pl-en">bv_view</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">bv</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inspect_lb</span>     <span class="pl-c1">:</span> <span class="pl-en">letbinding</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lb_view</span>
+<span class="pl-k">val</span> <span class="pl-en">pack_lb</span>        <span class="pl-c1">:</span> <span class="pl-en">lb_view</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">letbinding</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inspect_binder</span> <span class="pl-c1">:</span> <span class="pl-en">binder</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">bv</span> * <span class="pl-c1">(</span><span class="pl-en">aqualv</span> * <span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">pack_binder</span>    <span class="pl-c1">:</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">aqualv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">binder</span></pre></div>
+<p>These are equivalent to <code>String.concat "."</code>, <code>String.split </code>'.'``</p>
+<ul>
+<li>and <code>String.compare</code>. We're only taking them as primitives to break</li>
+<li>the dependency of Reflection/Tactics into * FStar.String, which</li>
+<li>pulls a LOT of modules.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">implode_qn</span>     <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span>
+<span class="pl-k">val</span> <span class="pl-en">explode_qn</span>     <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-c1">string</span>
+<span class="pl-k">val</span> <span class="pl-en">compare_string</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span></pre></div>
+<p>Primitives &amp; helpers</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lookup_typ</span>            <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">name</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">option</span> <span class="pl-en">sigelt</span>
+<span class="pl-k">val</span> <span class="pl-en">compare_bv</span>            <span class="pl-c1">:</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">order</span>
+<span class="pl-k">val</span> <span class="pl-en">binders_of_env</span>        <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">binders</span>
+<span class="pl-k">val</span> <span class="pl-en">moduleof</span>              <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">name</span>
+<span class="pl-k">val</span> <span class="pl-en">is_free</span>               <span class="pl-c1">:</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">bool</span>
+<span class="pl-k">val</span> <span class="pl-en">free_bvs</span>              <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">bv</span>
+<span class="pl-k">val</span> <span class="pl-en">free_uvars</span>            <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-c1">int</span>
+<span class="pl-k">val</span> <span class="pl-en">lookup_attr</span>           <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">fv</span>
+<span class="pl-k">val</span> <span class="pl-en">all_defs_in_env</span>       <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">fv</span>
+<span class="pl-k">val</span> <span class="pl-en">defs_in_module</span>        <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">name</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">fv</span>
+<span class="pl-k">val</span> <span class="pl-en">term_eq</span>               <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">bool</span>
+<span class="pl-k">val</span> <span class="pl-en">term_to_string</span>        <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span>
+<span class="pl-k">val</span> <span class="pl-en">comp_to_string</span>        <span class="pl-c1">:</span> <span class="pl-en">comp</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span>
+<span class="pl-k">val</span> <span class="pl-en">env_open_modules</span>      <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">name</span></pre></div>
+<h4>
+<a id="user-content-push_binder" class="anchor" href="#push_binder" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>push_binder</h4>
+<p><a href="#push_binder"><code>push_binder</code></a> extends the environment with a single binder.
+This is useful as one traverses the syntax of a term,
+pushing binders as one traverses a binder in a lambda,
+match, etc.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">push_binder</span>           <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">binder</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">env</span></pre></div>
+<p>Attributes are terms, not to be confused with Prims.attribute</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sigelt_attrs</span>     <span class="pl-c1">:</span> <span class="pl-en">sigelt</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">term</span>
+<span class="pl-k">val</span> <span class="pl-en">set_sigelt_attrs</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">sigelt</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">sigelt</span></pre></div>
+<p>Setting and reading qualifiers from sigelts</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sigelt_quals</span>     <span class="pl-c1">:</span> <span class="pl-en">sigelt</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">qualifier</span>
+<span class="pl-k">val</span> <span class="pl-en">set_sigelt_quals</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">qualifier</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">sigelt</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">sigelt</span></pre></div>
+<p>Reading the vconfig under which a particular sigelt was typechecked</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sigelt_opts</span> <span class="pl-c1">:</span> <span class="pl-en">sigelt</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">option</span> <span class="pl-en">vconfig</span></pre></div>
+<p>Embed a vconfig as a term, for instance to use it with the check_with
+attribute</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">embed_vconfig</span> <span class="pl-c1">:</span> <span class="pl-en">vconfig</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span></pre></div>
+<p>Marker to check a sigelt with a particular vconfig</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">irreducible</span>
+<span class="pl-k">let</span> <span class="pl-en">check_with</span> <span class="pl-c1">(</span><span class="pl-en">vcfg</span> <span class="pl-c1">:</span> <span class="pl-en">vconfig</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">subst</span> <span class="pl-c1">:</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">close_term</span> <span class="pl-c1">:</span> <span class="pl-en">binder</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span></pre></div>
+
+</body>
+</html>
diff --git a/docs/FStar.Reflection.Const.html b/docs/FStar.Reflection.Const.html
index b561660..be0f16b 100644
--- a/docs/FStar.Reflection.Const.html
+++ b/docs/FStar.Reflection.Const.html
@@ -1,16 +1,66 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Reflection.Const</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.reflection.const">module FStar.Reflection.Const</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarreflectionconst" class="anchor" href="#fstarreflectionconst" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Reflection.Const</h1>
+<p>Common lids</p>
+<p>TODO: these are awful names
+TODO: _qn vs _lid</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">imp_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>l_imp<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">and_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>l_and<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">or_qn</span>        <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>l_or<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">not_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>l_not<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">iff_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>l_iff<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">eq2_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>eq2<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">eq1_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>eq<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">true_qn</span>      <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>l_True<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">false_qn</span>     <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>l_False<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">b2t_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>b2t<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">forall_qn</span>    <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>l_Forall<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">exists_qn</span>    <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>l_Exists<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">squash_qn</span>    <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>squash<span class="pl-pds">"</span></span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">bool_true_qn</span>  <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>true<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">bool_false_qn</span> <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>false<span class="pl-pds">"</span></span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">int_lid</span>      <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>int<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">bool_lid</span>     <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>bool<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">unit_lid</span>     <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>unit<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">string_lid</span>   <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>string<span class="pl-pds">"</span></span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">add_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>op_Addition<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">neg_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>op_Minus<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">minus_qn</span>     <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>op_Subtraction<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">mult_qn</span>      <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>op_Multiply<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">mult'_qn</span>     <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Mul<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>op_Star<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">div_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>op_Division<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">lt_qn</span>        <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>op_LessThan<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">lte_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>op_LessThanOrEqual<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">gt_qn</span>        <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>op_GreaterThan<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">gte_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>op_GreaterThanOrEqual<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">mod_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>op_Modulus<span class="pl-pds">"</span></span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">nil_qn</span>       <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Nil<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">cons_qn</span>      <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Cons<span class="pl-pds">"</span></span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mktuple2_qn</span>  <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Pervasives<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Native<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Mktuple2<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">mktuple3_qn</span>  <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Pervasives<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Native<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Mktuple3<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">mktuple4_qn</span>  <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Pervasives<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Native<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Mktuple4<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">mktuple5_qn</span>  <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Pervasives<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Native<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Mktuple5<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">mktuple6_qn</span>  <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Pervasives<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Native<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Mktuple6<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">mktuple7_qn</span>  <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Pervasives<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Native<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Mktuple7<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">mktuple8_qn</span>  <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Pervasives<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Native<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>Mktuple8<span class="pl-pds">"</span></span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">land_qn</span>    <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>UInt<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>logand<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">lxor_qn</span>    <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>UInt<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>logxor<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">lor_qn</span>     <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>UInt<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>logor<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">ladd_qn</span>    <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>UInt<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>add_mod<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">lsub_qn</span>    <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>UInt<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>sub_mod<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">shiftl_qn</span>  <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>UInt<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>shift_left<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">shiftr_qn</span>  <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>UInt<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>shift_right<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">udiv_qn</span>    <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>UInt<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>udiv<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">umod_qn</span>    <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>UInt<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>mod<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">mul_mod_qn</span> <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>UInt<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>mul_mod<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">nat_bv_qn</span>  <span class="pl-c1">=</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar<span class="pl-pds">"</span></span> <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>BV<span class="pl-pds">"</span></span>   <span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>int2bv<span class="pl-pds">"</span></span><span class="pl-c1">]</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Reflection.Derived.Lemmas.html b/docs/FStar.Reflection.Derived.Lemmas.html
index 7c36397..ab97345 100644
--- a/docs/FStar.Reflection.Derived.Lemmas.html
+++ b/docs/FStar.Reflection.Derived.Lemmas.html
@@ -1,16 +1,73 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Reflection.Derived.Lemmas</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.reflection.derived.lemmas">module FStar.Reflection.Derived.Lemmas</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarreflectionderivedlemmas" class="anchor" href="#fstarreflectionderivedlemmas" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Reflection.Derived.Lemmas</h1>
+<ul>
+<li>Opens module <a href="FStar.Reflection.Types.html">FStar.Reflection.Types</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Builtins.html">FStar.Reflection.Builtins</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Data.html">FStar.Reflection.Data</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Derived.html">FStar.Reflection.Derived</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uncurry</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'c</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> * <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">uncurry</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">curry</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> * <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'c</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">curry</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<p>A glorified <code>id</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">list_ref</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                    <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">}))</span>
+                         <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">forall_list</span> <span class="pl-en">p</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+                         <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">list_ref</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-en">l</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">list_ref</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-en">xs</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mk_app_collect_inv_s</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">args</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">argv</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                            <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">uncurry</span> <span class="pl-en">mk_app</span> <span class="pl-c1">(</span><span class="pl-en">collect_app'</span> <span class="pl-en">args</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">mk_app</span> <span class="pl-en">t</span> <span class="pl-en">args</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mk_app_collect_inv_s</span> <span class="pl-en">t</span> <span class="pl-en">args</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">mk_app_collect_inv_s</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">::</span><span class="pl-en">args</span><span class="pl-c1">);</span>
+        <span class="pl-en">pack_inspect_inv</span> <span class="pl-en">t</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mk_app_collect_inv</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">uncurry</span> <span class="pl-en">mk_app</span> <span class="pl-c1">(</span><span class="pl-en">collect_app</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mk_app_collect_inv</span> <span class="pl-en">t</span> <span class="pl-c1">=</span> <span class="pl-en">mk_app_collect_inv_s</span> <span class="pl-en">t</span> <span class="pl-c1">[]</span></pre></div>
+<ul>
+<li>The way back is not stricly true: the list of arguments could grow.</li>
+<li>It's annoying to even state</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect_app_order'</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">args</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">argv</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">tt</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">forall_list</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fst</span> <span class="pl-en">a</span> &lt;&lt; <span class="pl-en">tt</span><span class="pl-c1">)</span> <span class="pl-en">args</span><span class="pl-c1">)</span>
+                             <span class="pl-c1">/\</span> <span class="pl-en">t</span> &lt;&lt; <span class="pl-en">tt</span><span class="pl-c1">)</span>
+                  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">forall_list</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fst</span> <span class="pl-en">a</span> &lt;&lt; <span class="pl-en">tt</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-c1">(</span><span class="pl-en">collect_app'</span> <span class="pl-en">args</span> <span class="pl-en">t</span><span class="pl-c1">)))</span>
+                           <span class="pl-c1">/\</span> <span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">collect_app'</span> <span class="pl-en">args</span> <span class="pl-en">t</span><span class="pl-c1">)</span> &lt;&lt; <span class="pl-en">tt</span><span class="pl-c1">)</span>
+                  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">collect_app_order'</span> <span class="pl-en">args</span> <span class="pl-en">tt</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">collect_app_order'</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">::</span><span class="pl-en">args</span><span class="pl-c1">)</span> <span class="pl-en">tt</span> <span class="pl-en">l</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect_app_order</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">).</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">argv</span><span class="pl-c1">).</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">,</span><span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">collect_app</span> <span class="pl-en">t</span> <span class="pl-c1">==&gt;</span>
+                              <span class="pl-c1">(</span><span class="pl-en">f</span> &lt;&lt; <span class="pl-en">t</span> <span class="pl-c1">/\</span> <span class="pl-en">forall_list</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fst</span> <span class="pl-en">a</span> &lt;&lt; <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-c1">(</span><span class="pl-en">collect_app</span> <span class="pl-en">t</span><span class="pl-c1">)))</span>
+                           <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">==</span> <span class="pl-en">t</span> <span class="pl-c1">/\</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-c1">[])))</span>
+<span class="pl-k">let</span> <span class="pl-en">collect_app_order</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">collect_app_order'</span> <span class="pl-c1">[</span><span class="pl-en">r</span><span class="pl-c1">]</span> <span class="pl-en">t</span> <span class="pl-en">l</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect_app_ref</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">{</span><span class="pl-en">h</span> <span class="pl-c1">==</span> <span class="pl-en">t</span> <span class="pl-c1">\/</span> <span class="pl-en">h</span> &lt;&lt; <span class="pl-en">t</span><span class="pl-c1">})</span> * <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">argv</span><span class="pl-c1">{</span><span class="pl-en">fst</span> <span class="pl-en">a</span> &lt;&lt; <span class="pl-en">t</span><span class="pl-c1">})</span>
+<span class="pl-k">let</span> <span class="pl-en">collect_app_ref</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">collect_app</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+    <span class="pl-en">collect_app_order</span> <span class="pl-en">t</span><span class="pl-c1">;</span>
+    <span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">list_ref</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#(</span><span class="pl-k">fun</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fst</span> <span class="pl-en">a</span> &lt;&lt; <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-en">a</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Reflection.Derived.html b/docs/FStar.Reflection.Derived.html
index e9c5e28..5bab6fb 100644
--- a/docs/FStar.Reflection.Derived.html
+++ b/docs/FStar.Reflection.Derived.html
@@ -1,16 +1,310 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Reflection.Derived</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.reflection.derived">module FStar.Reflection.Derived</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarreflectionderived" class="anchor" href="#fstarreflectionderived" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Reflection.Derived</h1>
+<ul>
+<li>Opens module <a href="FStar.Reflection.Types.html">FStar.Reflection.Types</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Builtins.html">FStar.Reflection.Builtins</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Data.html">FStar.Reflection.Data</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Const.html">FStar.Reflection.Const</a>
+</li>
+<li>Opens module <a href="FStar.Order.html">FStar.Order</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">name_of_bv</span> <span class="pl-c1">(</span><span class="pl-en">bv</span> <span class="pl-c1">:</span> <span class="pl-en">bv</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">(</span><span class="pl-en">inspect_bv</span> <span class="pl-en">bv</span><span class="pl-c1">).</span><span class="pl-en">bv_ppname</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">type_of_bv</span> <span class="pl-c1">(</span><span class="pl-en">bv</span> <span class="pl-c1">:</span> <span class="pl-en">bv</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">typ</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">(</span><span class="pl-en">inspect_bv</span> <span class="pl-en">bv</span><span class="pl-c1">).</span><span class="pl-en">bv_sort</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">bv_to_string</span> <span class="pl-c1">(</span><span class="pl-en">bv</span> <span class="pl-c1">:</span> <span class="pl-en">bv</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">bvv</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_bv</span> <span class="pl-en">bv</span> <span class="pl-k">in</span>
+    <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">bvv</span><span class="pl-c1">.</span><span class="pl-en">bv_ppname</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>:<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">bvv</span><span class="pl-c1">.</span><span class="pl-en">bv_sort</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">bv_of_binder</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">bv</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">bv</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_binder</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+    <span class="pl-en">bv</span></pre></div>
+<ul>
+<li>AR: add versions that take attributes as arguments?</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mk_binder</span> <span class="pl-c1">(</span><span class="pl-en">bv</span> <span class="pl-c1">:</span> <span class="pl-en">bv</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+    <span class="pl-en">pack_binder</span> <span class="pl-en">bv</span> <span class="pl-c1">Q_Explicit</span> <span class="pl-c1">[]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mk_implicit_binder</span> <span class="pl-c1">(</span><span class="pl-en">bv</span> <span class="pl-c1">:</span> <span class="pl-en">bv</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+    <span class="pl-en">pack_binder</span> <span class="pl-en">bv</span> <span class="pl-c1">Q_Implicit</span> <span class="pl-c1">[]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">name_of_binder</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+    <span class="pl-en">name_of_bv</span> <span class="pl-c1">(</span><span class="pl-en">bv_of_binder</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">type_of_binder</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">typ</span> <span class="pl-c1">=</span>
+    <span class="pl-en">type_of_bv</span> <span class="pl-c1">(</span><span class="pl-en">bv_of_binder</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">binder_to_string</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+    <span class="pl-en">bv_to_string</span> <span class="pl-c1">(</span><span class="pl-en">bv_of_binder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c">//TODO: print aqual, attributes</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">flatten_name</span> <span class="pl-c1">:</span> <span class="pl-en">name</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">flatten_name</span> <span class="pl-en">ns</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">ns</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-en">n</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span>
+    <span class="pl-c1">|</span> <span class="pl-en">n</span><span class="pl-c1">::</span><span class="pl-en">ns</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>.<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">flatten_name</span> <span class="pl-en">ns</span></pre></div>
+<p>Helpers for dealing with nested applications and arrows</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">collect_app'</span> <span class="pl-c1">(</span><span class="pl-en">args</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">argv</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">term</span> * <span class="pl-en">list</span> <span class="pl-en">argv</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">collect_app'</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">::</span><span class="pl-en">args</span><span class="pl-c1">)</span> <span class="pl-en">l</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">,</span> <span class="pl-en">args</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect_app</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> * <span class="pl-en">list</span> <span class="pl-en">argv</span>
+<span class="pl-k">let</span> <span class="pl-en">collect_app</span> <span class="pl-c1">=</span> <span class="pl-en">collect_app'</span> <span class="pl-c1">[]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mk_app</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">args</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">argv</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">term</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">args</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">args</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xs</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app</span> <span class="pl-c1">(</span><span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_App</span> <span class="pl-en">t</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-en">xs</span></pre></div>
+<p>Helper for when all arguments are explicit</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mk_e_app</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">args</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">e</span> <span class="pl-en">t</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-en">mk_app</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">map</span> <span class="pl-en">e</span> <span class="pl-en">args</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mk_tot_arr_ln</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">cod</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">term</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">bs</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">bs</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cod</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">::</span><span class="pl-en">bs</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Arrow</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">pack_comp</span> <span class="pl-c1">(</span><span class="pl-c1">C_Total</span> <span class="pl-c1">(</span><span class="pl-en">mk_tot_arr_ln</span> <span class="pl-en">bs</span> <span class="pl-en">cod</span><span class="pl-c1">)</span> <span class="pl-c1">[])))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">collect_arr'</span> <span class="pl-c1">(</span><span class="pl-en">bs</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">:</span> <span class="pl-en">comp</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">binder</span> * <span class="pl-en">comp</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">inspect_comp</span> <span class="pl-en">c</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Total</span> <span class="pl-en">t</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">Tv_Arrow</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-en">collect_arr'</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">::</span><span class="pl-en">bs</span><span class="pl-c1">)</span> <span class="pl-en">c</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+        <span class="pl-k">end</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect_arr_ln_bs</span> <span class="pl-c1">:</span> <span class="pl-en">typ</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">binder</span> * <span class="pl-en">comp</span>
+<span class="pl-k">let</span> <span class="pl-en">collect_arr_ln_bs</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">collect_arr'</span> <span class="pl-c1">[]</span> <span class="pl-c1">(</span><span class="pl-en">pack_comp</span> <span class="pl-c1">(</span><span class="pl-c1">C_Total</span> <span class="pl-en">t</span> <span class="pl-c1">[]))</span> <span class="pl-k">in</span>
+    <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">rev</span> <span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect_arr_ln</span> <span class="pl-c1">:</span> <span class="pl-en">typ</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">typ</span> * <span class="pl-en">comp</span>
+<span class="pl-k">let</span> <span class="pl-en">collect_arr_ln</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">collect_arr'</span> <span class="pl-c1">[]</span> <span class="pl-c1">(</span><span class="pl-en">pack_comp</span> <span class="pl-c1">(</span><span class="pl-c1">C_Total</span> <span class="pl-en">t</span> <span class="pl-c1">[]))</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">ts</span> <span class="pl-c1">=</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">map</span> <span class="pl-en">type_of_binder</span> <span class="pl-en">bs</span> <span class="pl-k">in</span>
+    <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">rev</span> <span class="pl-en">ts</span><span class="pl-c1">,</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">collect_abs'</span> <span class="pl-c1">(</span><span class="pl-en">bs</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">binder</span> * <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-en">b</span> <span class="pl-en">t'</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">collect_abs'</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">::</span><span class="pl-en">bs</span><span class="pl-c1">)</span> <span class="pl-en">t'</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect_abs_ln</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">binder</span> * <span class="pl-en">term</span>
+<span class="pl-k">let</span> <span class="pl-en">collect_abs_ln</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">t'</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">collect_abs'</span> <span class="pl-c1">[]</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+    <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">rev</span> <span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">t'</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fv_to_string</span> <span class="pl-c1">(</span><span class="pl-en">fv</span><span class="pl-c1">:</span><span class="pl-en">fv</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span> <span class="pl-en">implode_qn</span> <span class="pl-c1">(</span><span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">compare_name</span> <span class="pl-c1">(</span><span class="pl-en">n1</span> <span class="pl-en">n2</span> <span class="pl-c1">:</span> <span class="pl-en">name</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">order</span> <span class="pl-c1">=</span>
+    <span class="pl-en">compare_list</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">order_from_int</span> <span class="pl-c1">(</span><span class="pl-en">compare_string</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span> <span class="pl-en">n1</span> <span class="pl-en">n2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">compare_fv</span> <span class="pl-c1">(</span><span class="pl-en">f1</span> <span class="pl-en">f2</span> <span class="pl-c1">:</span> <span class="pl-en">fv</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">order</span> <span class="pl-c1">=</span>
+    <span class="pl-en">compare_name</span> <span class="pl-c1">(</span><span class="pl-en">inspect_fv</span> <span class="pl-en">f1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">inspect_fv</span> <span class="pl-en">f2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">compare_const</span> <span class="pl-c1">(</span><span class="pl-en">c1</span> <span class="pl-en">c2</span> <span class="pl-c1">:</span> <span class="pl-en">vconst</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">order</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">c1</span><span class="pl-c1">,</span> <span class="pl-en">c2</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Unit</span><span class="pl-c1">,</span> <span class="pl-c1">C_Unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Eq</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Int</span> <span class="pl-en">i</span><span class="pl-c1">,</span> <span class="pl-c1">C_Int</span> <span class="pl-en">j</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">order_from_int</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-en">j</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_True</span><span class="pl-c1">,</span> <span class="pl-c1">C_True</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Eq</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_False</span><span class="pl-c1">,</span> <span class="pl-c1">C_False</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Eq</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_String</span> <span class="pl-en">s1</span><span class="pl-c1">,</span> <span class="pl-c1">C_String</span> <span class="pl-en">s2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">order_from_int</span> <span class="pl-c1">(</span><span class="pl-en">compare_string</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Range</span> <span class="pl-en">r1</span><span class="pl-c1">,</span> <span class="pl-c1">C_Range</span> <span class="pl-en">r2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Eq</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Reify</span><span class="pl-c1">,</span> <span class="pl-c1">C_Reify</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Eq</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Reflect</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-c1">C_Reflect</span> <span class="pl-en">l2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_name</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Unit</span><span class="pl-c1">,</span>  <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>       <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">C_Unit</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Int</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>       <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">C_Int</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_True</span><span class="pl-c1">,</span>  <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>       <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">C_True</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_False</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>       <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">C_False</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_String</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">C_String</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Range</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>     <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">C_Range</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Reify</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>       <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">C_Reify</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Reflect</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>   <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">C_Reflect</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">compare_binder</span> <span class="pl-c1">(</span><span class="pl-en">b1</span> <span class="pl-en">b2</span> <span class="pl-c1">:</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">order</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">bv1</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_binder</span> <span class="pl-en">b1</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">bv2</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_binder</span> <span class="pl-en">b2</span> <span class="pl-k">in</span>
+    <span class="pl-en">compare_bv</span> <span class="pl-en">bv1</span> <span class="pl-en">bv2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">compare_term</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">order</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">s</span><span class="pl-c1">,</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Var</span> <span class="pl-en">sv</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Var</span> <span class="pl-en">tv</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">compare_bv</span> <span class="pl-en">sv</span> <span class="pl-en">tv</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_BVar</span> <span class="pl-en">sv</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_BVar</span> <span class="pl-en">tv</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">compare_bv</span> <span class="pl-en">sv</span> <span class="pl-en">tv</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">sv</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">tv</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">compare_fv</span> <span class="pl-en">sv</span> <span class="pl-en">tv</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">h1</span> <span class="pl-en">a1</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">h2</span> <span class="pl-en">a2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_term</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_argv</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-en">b1</span> <span class="pl-en">e1</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-en">b2</span> <span class="pl-en">e2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_binder</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_term</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_Refine</span> <span class="pl-en">bv1</span> <span class="pl-en">e1</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Refine</span> <span class="pl-en">bv2</span> <span class="pl-en">e2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_bv</span> <span class="pl-en">bv1</span> <span class="pl-en">bv2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_term</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_Arrow</span> <span class="pl-en">b1</span> <span class="pl-en">e1</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Arrow</span> <span class="pl-en">b2</span> <span class="pl-en">e2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_binder</span> <span class="pl-en">b1</span> <span class="pl-en">b2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_comp</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_Type</span> <span class="pl-c1">(),</span> <span class="pl-c1">Tv_Type</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Eq</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_Const</span> <span class="pl-en">c1</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Const</span> <span class="pl-en">c2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">compare_const</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_Uvar</span> <span class="pl-en">u1</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Uvar</span> <span class="pl-en">u2</span> <span class="pl-c1">_</span><span class="pl-c1">-&gt;</span>
+    <span class="pl-en">compare_int</span> <span class="pl-en">u1</span> <span class="pl-en">u2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_Let</span> <span class="pl-en">_r1</span> <span class="pl-en">_attrs1</span> <span class="pl-en">bv1</span> <span class="pl-en">t1</span> <span class="pl-en">t1'</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Let</span> <span class="pl-en">_r2</span> <span class="pl-en">_attrs2</span> <span class="pl-en">bv2</span> <span class="pl-en">t2</span> <span class="pl-en">t2'</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_bv</span> <span class="pl-en">bv1</span> <span class="pl-en">bv2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_term</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-en">compare_term</span> <span class="pl-en">t1'</span> <span class="pl-en">t2'</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_Match</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Match</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Eq</span> <span class="pl-c">// TODO</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_AscribedT</span> <span class="pl-en">e1</span> <span class="pl-en">t1</span> <span class="pl-en">tac1</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_AscribedT</span> <span class="pl-en">e2</span> <span class="pl-en">t2</span> <span class="pl-en">tac2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_term</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_term</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">match</span> <span class="pl-en">tac1</span><span class="pl-c1">,</span> <span class="pl-en">tac2</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span><span class="pl-c1">,</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Eq</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">e1</span><span class="pl-c1">,</span> <span class="pl-c1">Some</span> <span class="pl-en">e2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_term</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_AscribedC</span> <span class="pl-en">e1</span> <span class="pl-en">c1</span> <span class="pl-en">tac1</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_AscribedC</span> <span class="pl-en">e2</span> <span class="pl-en">c2</span> <span class="pl-en">tac2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_term</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_comp</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">match</span> <span class="pl-en">tac1</span><span class="pl-c1">,</span> <span class="pl-en">tac2</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span><span class="pl-c1">,</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Eq</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">e1</span><span class="pl-c1">,</span> <span class="pl-c1">Some</span> <span class="pl-en">e2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_term</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_Unknown</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Unknown</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Eq</span></pre></div>
+<p>From here onwards, they must have different constructors. Order them arbitrarilly as in the definition.</p>
+<div class="highlight highlight-source-fstar"><pre>    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Var</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>      <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>   <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Var</span> <span class="pl-c1">_</span>      <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_BVar</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>     <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>   <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_BVar</span> <span class="pl-c1">_</span>     <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>     <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>   <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-c1">_</span>     <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>   <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_App</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>   <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Arrow</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>   <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Arrow</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Type</span> <span class="pl-c1">(),</span> <span class="pl-c1">_</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>   <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Type</span> <span class="pl-c1">()</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Refine</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>   <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Refine</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Const</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>   <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Const</span> <span class="pl-c1">_</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Uvar</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>   <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>   <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Uvar</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span>   <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Match</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Match</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_AscribedT</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_AscribedT</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_AscribedC</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_AscribedC</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Unknown</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>   <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Tv_Unknown</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+<span class="pl-k">and</span> <span class="pl-en">compare_term_list</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">order</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Eq</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd1</span><span class="pl-c1">::</span><span class="pl-en">tl1</span><span class="pl-c1">,</span> <span class="pl-en">hd2</span><span class="pl-c1">::</span><span class="pl-en">tl2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_term</span> <span class="pl-en">hd1</span> <span class="pl-en">hd2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_term_list</span> <span class="pl-en">tl1</span> <span class="pl-en">tl2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">and</span> <span class="pl-en">compare_argv</span> <span class="pl-c1">(</span><span class="pl-en">a1</span> <span class="pl-en">a2</span> <span class="pl-c1">:</span> <span class="pl-en">argv</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">order</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">a1</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">a1</span><span class="pl-c1">,</span> <span class="pl-en">q1</span> <span class="pl-c1">=</span> <span class="pl-en">a1</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">a2</span><span class="pl-c1">,</span> <span class="pl-en">q2</span> <span class="pl-c1">=</span> <span class="pl-en">a2</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">q1</span><span class="pl-c1">,</span> <span class="pl-en">q2</span> <span class="pl-k">with</span></pre></div>
+<p>We should never see Q_Meta here</p>
+<div class="highlight highlight-source-fstar"><pre>    <span class="pl-c1">|</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_term</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span>
+<span class="pl-k">and</span> <span class="pl-en">compare_comp</span> <span class="pl-c1">(</span><span class="pl-en">c1</span> <span class="pl-en">c2</span> <span class="pl-c1">:</span> <span class="pl-en">comp</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">order</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">c1</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">cv1</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_comp</span> <span class="pl-en">c1</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">cv2</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_comp</span> <span class="pl-en">c2</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">cv1</span><span class="pl-c1">,</span> <span class="pl-en">cv2</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Total</span> <span class="pl-en">t1</span> <span class="pl-en">md1</span><span class="pl-c1">,</span> <span class="pl-c1">C_Total</span> <span class="pl-en">t2</span> <span class="pl-en">md2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_term</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+                                           <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_term_list</span> <span class="pl-en">md1</span> <span class="pl-en">md2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">C_GTotal</span> <span class="pl-en">t1</span> <span class="pl-en">md1</span><span class="pl-c1">,</span> <span class="pl-c1">C_GTotal</span> <span class="pl-en">t2</span> <span class="pl-en">md2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_term</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+                                         <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_term_list</span> <span class="pl-en">md1</span> <span class="pl-en">md2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">C_Lemma</span> <span class="pl-en">p1</span> <span class="pl-en">q1</span> <span class="pl-en">s1</span><span class="pl-c1">,</span> <span class="pl-c1">C_Lemma</span> <span class="pl-en">p2</span> <span class="pl-en">q2</span> <span class="pl-en">s2</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_term</span> <span class="pl-en">p1</span> <span class="pl-en">p2</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_term</span> <span class="pl-en">q1</span> <span class="pl-en">q2</span><span class="pl-c1">)</span>
+            <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_term</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+      <span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">C_Eff</span> <span class="pl-en">_us1</span> <span class="pl-en">eff1</span> <span class="pl-en">res1</span> <span class="pl-en">args1</span><span class="pl-c1">,</span>
+  <span class="pl-c1">C_Eff</span> <span class="pl-en">_us2</span> <span class="pl-en">eff2</span> <span class="pl-en">res2</span> <span class="pl-en">args2</span> <span class="pl-c1">-&gt;</span></pre></div>
+<p>This could be more complex, not sure it is worth it</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">lex</span> <span class="pl-c1">(</span><span class="pl-en">compare_name</span> <span class="pl-en">eff1</span> <span class="pl-en">eff2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">compare_term</span> <span class="pl-en">res1</span> <span class="pl-en">res2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">C_Total</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>     <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">C_Total</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+<span class="pl-c1">|</span> <span class="pl-c1">C_GTotal</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">C_GTotal</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+<span class="pl-c1">|</span> <span class="pl-c1">C_Lemma</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>   <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">C_Lemma</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span>
+<span class="pl-c1">|</span> <span class="pl-c1">C_Eff</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lt</span>    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">C_Eff</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Gt</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mk_stringlit</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">:</span> <span class="pl-c1">string)</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Const</span> <span class="pl-c1">(</span><span class="pl-c1">C_String</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mk_strcat</span> <span class="pl-c1">(</span><span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-en">mk_e_app</span> <span class="pl-c1">(</span><span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span> <span class="pl-s"><span class="pl-pds">"</span>strcat<span class="pl-pds">"</span></span><span class="pl-c1">])))</span> <span class="pl-c1">[</span><span class="pl-en">t1</span><span class="pl-c1">;</span> <span class="pl-en">t2</span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mk_cons</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+   <span class="pl-en">mk_e_app</span> <span class="pl-c1">(</span><span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">cons_qn</span><span class="pl-c1">)))</span> <span class="pl-c1">[</span><span class="pl-en">h</span><span class="pl-c1">;</span> <span class="pl-en">t</span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mk_cons_t</span> <span class="pl-c1">(</span><span class="pl-en">ty</span> <span class="pl-en">h</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+   <span class="pl-en">mk_app</span> <span class="pl-c1">(</span><span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">cons_qn</span><span class="pl-c1">)))</span> <span class="pl-c1">[(</span><span class="pl-en">ty</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mk_list</span> <span class="pl-c1">(</span><span class="pl-en">ts</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">ts</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">nil_qn</span><span class="pl-c1">))</span>
+    <span class="pl-c1">|</span> <span class="pl-en">t</span><span class="pl-c1">::</span><span class="pl-en">ts</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_cons</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-en">mk_list</span> <span class="pl-en">ts</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mktuple_n</span> <span class="pl-c1">(</span><span class="pl-en">ts</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">assume</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">length</span> <span class="pl-en">ts</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">8</span><span class="pl-c1">);</span>
+    <span class="pl-k">match</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">length</span> <span class="pl-en">ts</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Const</span> <span class="pl-c1">C_Unit</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">1</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">let</span> <span class="pl-c1">[</span><span class="pl-en">x</span><span class="pl-c1">]</span> <span class="pl-c1">=</span> <span class="pl-en">ts</span> <span class="pl-k">in</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">begin</span>
+           <span class="pl-k">let</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">n</span> <span class="pl-k">with</span>
+                    <span class="pl-c1">|</span> <span class="pl-c1">2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mktuple2_qn</span>
+                    <span class="pl-c1">|</span> <span class="pl-c1">3</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mktuple3_qn</span>
+                    <span class="pl-c1">|</span> <span class="pl-c1">4</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mktuple4_qn</span>
+                    <span class="pl-c1">|</span> <span class="pl-c1">5</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mktuple5_qn</span>
+                    <span class="pl-c1">|</span> <span class="pl-c1">6</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mktuple6_qn</span>
+                    <span class="pl-c1">|</span> <span class="pl-c1">7</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mktuple7_qn</span>
+                    <span class="pl-c1">|</span> <span class="pl-c1">8</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mktuple8_qn</span>
+           <span class="pl-k">in</span> <span class="pl-en">mk_e_app</span> <span class="pl-c1">(</span><span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">qn</span><span class="pl-c1">)))</span> <span class="pl-en">ts</span>
+           <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">destruct_tuple</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">head</span><span class="pl-c1">,</span> <span class="pl-en">args</span> <span class="pl-c1">=</span> <span class="pl-en">collect_app</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">head</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">if</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">mem</span>
+                <span class="pl-c1">(</span><span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-en">mktuple2_qn</span><span class="pl-c1">;</span> <span class="pl-en">mktuple3_qn</span><span class="pl-c1">;</span> <span class="pl-en">mktuple4_qn</span><span class="pl-c1">;</span> <span class="pl-en">mktuple5_qn</span><span class="pl-c1">;</span>
+                                 <span class="pl-en">mktuple6_qn</span><span class="pl-c1">;</span> <span class="pl-en">mktuple7_qn</span><span class="pl-c1">;</span> <span class="pl-en">mktuple8_qn</span><span class="pl-c1">]</span>
+        <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">concatMap</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">,</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                                      <span class="pl-k">match</span> <span class="pl-en">q</span> <span class="pl-k">with</span>
+                                      <span class="pl-c1">|</span> <span class="pl-c1">Q_Explicit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[</span><span class="pl-en">t</span><span class="pl-c1">]</span>
+                                      <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[])</span> <span class="pl-en">args</span><span class="pl-c1">)</span>
+        <span class="pl-k">else</span> <span class="pl-c1">None</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mkpair</span> <span class="pl-c1">(</span><span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-en">mktuple_n</span> <span class="pl-c1">[</span><span class="pl-en">t1</span><span class="pl-c1">;</span><span class="pl-en">t2</span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">head</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Match</span> <span class="pl-en">t</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Let</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-en">t</span> <span class="pl-c1">_</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-c1">_</span> <span class="pl-en">t</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Refine</span> <span class="pl-c1">_</span> <span class="pl-en">t</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">t</span> <span class="pl-c1">_</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_AscribedT</span> <span class="pl-en">t</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_AscribedC</span> <span class="pl-en">t</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">head</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_Unknown</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_Uvar</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_Const</span> <span class="pl-c1">_</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_Type</span> <span class="pl-c1">_</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_Var</span> <span class="pl-c1">_</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_BVar</span> <span class="pl-c1">_</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-c1">_</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_Arrow</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">nameof</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">implode_qn</span> <span class="pl-c1">(</span><span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>?<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_uvar</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Uvar</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">binder_set_qual</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">aqualv</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">bv</span><span class="pl-c1">,</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-en">attrs</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_binder</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+  <span class="pl-en">pack_binder</span> <span class="pl-en">bv</span> <span class="pl-en">q</span> <span class="pl-en">attrs</span></pre></div>
+<h4>
+<a id="user-content-add_check_with" class="anchor" href="#add_check_with" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>add_check_with</h4>
+<p>Set a vconfig for a sigelt</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_check_with</span> <span class="pl-c1">:</span> <span class="pl-en">vconfig</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">sigelt</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">sigelt</span>
+<span class="pl-k">let</span> <span class="pl-en">add_check_with</span> <span class="pl-en">vcfg</span> <span class="pl-en">se</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">attrs</span> <span class="pl-c1">=</span> <span class="pl-en">sigelt_attrs</span> <span class="pl-en">se</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">vcfg_t</span> <span class="pl-c1">=</span> <span class="pl-en">embed_vconfig</span> <span class="pl-en">vcfg</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">t</span> <span class="pl-c1">=</span> <span class="pl-c1">`(</span><span class="pl-en">check_with</span> <span class="pl-c1">(`#</span><span class="pl-en">vcfg_t</span><span class="pl-c1">))</span> <span class="pl-k">in</span>
+  <span class="pl-en">set_sigelt_attrs</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">::</span> <span class="pl-en">attrs</span><span class="pl-c1">)</span> <span class="pl-en">se</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Reflection.Formula.html b/docs/FStar.Reflection.Formula.html
index 64554c8..10bd560 100644
--- a/docs/FStar.Reflection.Formula.html
+++ b/docs/FStar.Reflection.Formula.html
@@ -1,16 +1,215 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Reflection.Formula</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.reflection.formula">module FStar.Reflection.Formula</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarreflectionformula" class="anchor" href="#fstarreflectionformula" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Reflection.Formula</h1>
+<ul>
+<li>Opens module <a href="FStar.List.Tot.html">FStar.List.Tot</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Effect.html">FStar.Tactics.Effect</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Builtins.html">FStar.Tactics.Builtins</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Builtins.html">FStar.Reflection.Builtins</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Types.html">FStar.Reflection.Types</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Derived.html">FStar.Reflection.Derived</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Const.html">FStar.Reflection.Const</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Data.html">FStar.Reflection.Data</a>
+</li>
+</ul>
+<p>Cannot open FStar.Tactics.Derived here</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fresh_bv</span> <span class="pl-c1">=</span> <span class="pl-en">fresh_bv_named</span> <span class="pl-s"><span class="pl-pds">"</span>x<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span> <span class="pl-k">type</span> <span class="pl-en">comparison</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Eq</span>     <span class="pl-en">of</span> <span class="pl-en">option</span> <span class="pl-en">typ</span>  <span class="pl-c"><span class="pl-c">(*</span> Propositional equality (eq2), maybe annotated <span class="pl-c">*)</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">BoolEq</span> <span class="pl-en">of</span> <span class="pl-en">option</span> <span class="pl-en">typ</span>  <span class="pl-c"><span class="pl-c">(*</span> Decidable, boolean equality (eq), maybe annotated <span class="pl-c">*)</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Lt</span> <span class="pl-c1">|</span> <span class="pl-c1">Le</span> <span class="pl-c1">|</span> <span class="pl-c1">Gt</span> <span class="pl-c1">|</span> <span class="pl-c1">Ge</span>     <span class="pl-c"><span class="pl-c">(*</span> Orderings, at type `int` (and subtypes) <span class="pl-c">*)</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span> <span class="pl-k">type</span> <span class="pl-en">formula</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">True_</span>  <span class="pl-c1">:</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">False_</span> <span class="pl-c1">:</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Comp</span>   <span class="pl-c1">:</span> <span class="pl-en">comparison</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">And</span>    <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Or</span>     <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Not</span>    <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Implies</span><span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Iff</span>    <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Forall</span> <span class="pl-c1">:</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Exists</span> <span class="pl-c1">:</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">App</span>    <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Name</span>   <span class="pl-c1">:</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">FV</span>     <span class="pl-c1">:</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">IntLit</span> <span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">formula</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">F_Unknown</span> <span class="pl-c1">:</span> <span class="pl-en">formula</span> <span class="pl-c">// Also a baked-in "None"</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mk_Forall</span> <span class="pl-c1">(</span><span class="pl-en">typ</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pred</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">formula</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">pack_bv</span> <span class="pl-c1">({</span> <span class="pl-en">bv_ppname</span> <span class="pl-c1">=</span> <span class="pl-s"><span class="pl-pds">"</span>x<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+                       <span class="pl-en">bv_sort</span> <span class="pl-c1">=</span> <span class="pl-en">typ</span><span class="pl-c1">;</span>
+                       <span class="pl-en">bv_index</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">;</span> <span class="pl-c1">})</span> <span class="pl-k">in</span>
+    <span class="pl-c1">Forall</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_App</span> <span class="pl-en">pred</span> <span class="pl-c1">(</span><span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_BVar</span> <span class="pl-en">b</span><span class="pl-c1">),</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mk_Exists</span> <span class="pl-c1">(</span><span class="pl-en">typ</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pred</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">formula</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">pack_bv</span> <span class="pl-c1">({</span> <span class="pl-en">bv_ppname</span> <span class="pl-c1">=</span> <span class="pl-s"><span class="pl-pds">"</span>x<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+                       <span class="pl-en">bv_sort</span> <span class="pl-c1">=</span> <span class="pl-en">typ</span><span class="pl-c1">;</span>
+                       <span class="pl-en">bv_index</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">;</span> <span class="pl-c1">})</span> <span class="pl-k">in</span>
+    <span class="pl-c1">Exists</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_App</span> <span class="pl-en">pred</span> <span class="pl-c1">(</span><span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_BVar</span> <span class="pl-en">b</span><span class="pl-c1">),</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">term_as_formula'</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">formula</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Var</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-c1">Name</span> <span class="pl-en">n</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span></pre></div>
+<p>Cannot use <code>when</code> clauses when verifying!</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-k">in</span>
+<span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">true_qn</span> <span class="pl-k">then</span> <span class="pl-c1">True_</span>
+<span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">false_qn</span> <span class="pl-k">then</span> <span class="pl-c1">False_</span>
+<span class="pl-k">else</span> <span class="pl-c1">FV</span> <span class="pl-en">fv</span></pre></div>
+<p>TODO: l_Forall
+...or should we just try to drop all squashes?
+TODO: b2t at this point ?
+Non-annotated comparisons</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">h0</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">begin</span>
+    <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">ts</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">collect_app</span> <span class="pl-en">h0</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">ts</span>@<span class="pl-c1">[</span><span class="pl-en">t</span><span class="pl-c1">]</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">[(</span><span class="pl-en">a1</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">a2</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">a3</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-k">in</span>
+        <span class="pl-k">if</span>      <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">eq2_qn</span> <span class="pl-k">then</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span>     <span class="pl-c1">(</span><span class="pl-c1">Some</span> <span class="pl-en">a1</span><span class="pl-c1">))</span> <span class="pl-en">a2</span> <span class="pl-en">a3</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">eq1_qn</span> <span class="pl-k">then</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">BoolEq</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span> <span class="pl-en">a1</span><span class="pl-c1">))</span> <span class="pl-en">a2</span> <span class="pl-en">a3</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">lt_qn</span>  <span class="pl-k">then</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Lt</span> <span class="pl-en">a2</span> <span class="pl-en">a3</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">lte_qn</span> <span class="pl-k">then</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Le</span> <span class="pl-en">a2</span> <span class="pl-en">a3</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">gt_qn</span>  <span class="pl-k">then</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Gt</span> <span class="pl-en">a2</span> <span class="pl-en">a3</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">gte_qn</span> <span class="pl-k">then</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Ge</span> <span class="pl-en">a2</span> <span class="pl-en">a3</span>
+        <span class="pl-k">else</span> <span class="pl-c1">App</span> <span class="pl-en">h0</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">[(</span><span class="pl-en">a1</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">a2</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-k">in</span>
+        <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">imp_qn</span> <span class="pl-k">then</span> <span class="pl-c1">Implies</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">and_qn</span> <span class="pl-k">then</span> <span class="pl-c1">And</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">iff_qn</span> <span class="pl-k">then</span> <span class="pl-c1">Iff</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">or_qn</span>  <span class="pl-k">then</span> <span class="pl-c1">Or</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">eq2_qn</span> <span class="pl-k">then</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span>     <span class="pl-c1">None</span><span class="pl-c1">)</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">eq1_qn</span> <span class="pl-k">then</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">BoolEq</span> <span class="pl-c1">None</span><span class="pl-c1">)</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span>
+        <span class="pl-k">else</span> <span class="pl-c1">App</span> <span class="pl-en">h0</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">[(</span><span class="pl-en">a1</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">a2</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-k">in</span>
+         <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">forall_qn</span> <span class="pl-k">then</span> <span class="pl-en">mk_Forall</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span>
+    <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">exists_qn</span> <span class="pl-k">then</span> <span class="pl-en">mk_Exists</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span>
+    <span class="pl-k">else</span> <span class="pl-c1">App</span> <span class="pl-en">h0</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">[(</span><span class="pl-en">a</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-k">in</span>
+    <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">not_qn</span> <span class="pl-k">then</span> <span class="pl-c1">Not</span> <span class="pl-en">a</span>
+    <span class="pl-k">else</span> <span class="pl-c1">App</span> <span class="pl-en">h0</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">App</span> <span class="pl-en">h0</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-en">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_Const</span> <span class="pl-c1">(</span><span class="pl-c1">C_Int</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">IntLit</span> <span class="pl-en">i</span></pre></div>
+<p>TODO: all these. Do we want to export them?</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_Type</span> <span class="pl-c1">_</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_Refine</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_Const</span> <span class="pl-c1">(</span><span class="pl-c1">C_Unit</span><span class="pl-c1">)</span>
+<span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">F_Unknown</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">is_name_imp</span> <span class="pl-c1">(</span><span class="pl-en">nm</span> <span class="pl-c1">:</span> <span class="pl-en">name</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+    <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">if</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-c1">=</span> <span class="pl-en">nm</span>
+        <span class="pl-k">then</span> <span class="pl-c1">true</span>
+        <span class="pl-k">else</span> <span class="pl-c1">false</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c">// ignore implicits</span>
+        <span class="pl-en">is_name_imp</span> <span class="pl-en">nm</span> <span class="pl-en">l</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span>
+    <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">unsquash</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">if</span> <span class="pl-en">is_name_imp</span> <span class="pl-en">squash_qn</span> <span class="pl-en">l</span>
+        <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-en">r</span>
+        <span class="pl-k">else</span> <span class="pl-c1">None</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">unsquash_total</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">if</span> <span class="pl-en">is_name_imp</span> <span class="pl-en">squash_qn</span> <span class="pl-en">l</span>
+        <span class="pl-k">then</span> <span class="pl-en">r</span>
+        <span class="pl-k">else</span> <span class="pl-en">t</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span></pre></div>
+<p>Unsquashing</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">term_as_formula</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">formula</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">unsquash</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">F_Unknown</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">term_as_formula'</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">term_as_formula_total</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">formula</span> <span class="pl-c1">=</span>
+    <span class="pl-en">term_as_formula'</span> <span class="pl-c1">(</span><span class="pl-en">unsquash_total</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">formula_as_term_view</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">formula</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">term_view</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">mk_app'</span> <span class="pl-en">tv</span> <span class="pl-en">args</span> <span class="pl-c1">=</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">fold_left</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">tv</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tv_App</span> <span class="pl-c1">(</span><span class="pl-en">pack_ln</span> <span class="pl-en">tv</span><span class="pl-c1">)</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">tv</span> <span class="pl-en">args</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">e</span> <span class="pl-c1">=</span> <span class="pl-c1">Q_Explicit</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">Q_Implicit</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">True_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">true_qn</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">False_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">false_qn</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span> <span class="pl-c1">None</span><span class="pl-c1">)</span>         <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app'</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">eq2_qn</span><span class="pl-c1">))</span> <span class="pl-c1">[(</span><span class="pl-en">l</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">);(</span><span class="pl-en">r</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span> <span class="pl-en">t</span><span class="pl-c1">))</span>     <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app'</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">eq2_qn</span><span class="pl-c1">))</span> <span class="pl-c1">[(</span><span class="pl-en">t</span><span class="pl-c1">,</span><span class="pl-en">i</span><span class="pl-c1">);(</span><span class="pl-en">l</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">);(</span><span class="pl-en">r</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">BoolEq</span> <span class="pl-c1">None</span><span class="pl-c1">)</span>     <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app'</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">eq1_qn</span><span class="pl-c1">))</span> <span class="pl-c1">[(</span><span class="pl-en">l</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">);(</span><span class="pl-en">r</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">BoolEq</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span> <span class="pl-en">t</span><span class="pl-c1">))</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app'</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">eq1_qn</span><span class="pl-c1">))</span> <span class="pl-c1">[(</span><span class="pl-en">t</span><span class="pl-c1">,</span><span class="pl-en">i</span><span class="pl-c1">);(</span><span class="pl-en">l</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">);(</span><span class="pl-en">r</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Lt</span> <span class="pl-en">l</span> <span class="pl-en">r</span>     <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app'</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">lt_qn</span><span class="pl-c1">))</span>  <span class="pl-c1">[(</span><span class="pl-en">l</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">);(</span><span class="pl-en">r</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Le</span> <span class="pl-en">l</span> <span class="pl-en">r</span>     <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app'</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">lte_qn</span><span class="pl-c1">))</span> <span class="pl-c1">[(</span><span class="pl-en">l</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">);(</span><span class="pl-en">r</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Gt</span> <span class="pl-en">l</span> <span class="pl-en">r</span>     <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app'</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">gt_qn</span><span class="pl-c1">))</span>  <span class="pl-c1">[(</span><span class="pl-en">l</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">);(</span><span class="pl-en">r</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Ge</span> <span class="pl-en">l</span> <span class="pl-en">r</span>     <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app'</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">gte_qn</span><span class="pl-c1">))</span> <span class="pl-c1">[(</span><span class="pl-en">l</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">);(</span><span class="pl-en">r</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">And</span> <span class="pl-en">p</span> <span class="pl-en">q</span>         <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app'</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">and_qn</span><span class="pl-c1">))</span> <span class="pl-c1">[(</span><span class="pl-en">p</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">);(</span><span class="pl-en">q</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Or</span>  <span class="pl-en">p</span> <span class="pl-en">q</span>         <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app'</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span>  <span class="pl-en">or_qn</span><span class="pl-c1">))</span> <span class="pl-c1">[(</span><span class="pl-en">p</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">);(</span><span class="pl-en">q</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Implies</span> <span class="pl-en">p</span> <span class="pl-en">q</span>     <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app'</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">imp_qn</span><span class="pl-c1">))</span> <span class="pl-c1">[(</span><span class="pl-en">p</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">);(</span><span class="pl-en">q</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Not</span> <span class="pl-en">p</span>           <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app'</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">not_qn</span><span class="pl-c1">))</span> <span class="pl-c1">[(</span><span class="pl-en">p</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Iff</span> <span class="pl-en">p</span> <span class="pl-en">q</span>         <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app'</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">iff_qn</span><span class="pl-c1">))</span> <span class="pl-c1">[(</span><span class="pl-en">p</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">);(</span><span class="pl-en">q</span><span class="pl-c1">,</span><span class="pl-en">e</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Forall</span> <span class="pl-en">b</span> <span class="pl-en">t</span>      <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tv_Unknown</span> <span class="pl-c">// TODO: decide on meaning of this</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Exists</span> <span class="pl-en">b</span> <span class="pl-en">t</span>      <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tv_Unknown</span> <span class="pl-c">// TODO: ^</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">App</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Tv_App</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Name</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Tv_Var</span> <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">FV</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">IntLit</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Tv_Const</span> <span class="pl-c1">(</span><span class="pl-c1">C_Int</span> <span class="pl-en">i</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">F_Unknown</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Tv_Unknown</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">formula_as_term</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">formula</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-en">formula_as_term_view</span> <span class="pl-en">f</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">formula_to_string</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">formula</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">True_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>True_<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">False_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>False_<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span> <span class="pl-en">mt</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Eq<span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+                        <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">mt</span> <span class="pl-k">with</span>
+                         <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-pds">"</span></span>
+                         <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span> (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">t</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span><span class="pl-c1">)</span> <span class="pl-c1">^</span>
+                        <span class="pl-s"><span class="pl-pds">"</span> (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">l</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>) (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">r</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">BoolEq</span> <span class="pl-en">mt</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>BoolEq<span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+                        <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">mt</span> <span class="pl-k">with</span>
+                         <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-pds">"</span></span>
+                         <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span> (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">t</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span><span class="pl-c1">)</span> <span class="pl-c1">^</span>
+                        <span class="pl-s"><span class="pl-pds">"</span> (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">l</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>) (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">r</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Lt</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Lt (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">l</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>) (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">r</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Le</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Le (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">l</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>) (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">r</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Gt</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Gt (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">l</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>) (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">r</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">Ge</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Ge (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">l</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>) (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">r</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">And</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>And (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">p</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>) (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">q</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Or</span>  <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>  <span class="pl-s"><span class="pl-pds">"</span>Or (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">p</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>) (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">q</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Implies</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>  <span class="pl-s"><span class="pl-pds">"</span>Implies (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">p</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>) (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">q</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Not</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span>  <span class="pl-s"><span class="pl-pds">"</span>Not (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">p</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Iff</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>  <span class="pl-s"><span class="pl-pds">"</span>Iff (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">p</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>) (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">q</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Forall</span> <span class="pl-en">bs</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Forall &lt;bs&gt; (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">t</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Exists</span> <span class="pl-en">bs</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Exists &lt;bs&gt; (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">t</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">App</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>  <span class="pl-s"><span class="pl-pds">"</span>App (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">p</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>) (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">q</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Name</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span>  <span class="pl-s"><span class="pl-pds">"</span>Name (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">bv_to_string</span> <span class="pl-en">bv</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">FV</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>FV (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">flatten_name</span> <span class="pl-c1">(</span><span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">IntLit</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Int <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">string_of_int</span> <span class="pl-en">i</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">F_Unknown</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>?<span class="pl-pds">"</span></span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Reflection.Types.html b/docs/FStar.Reflection.Types.html
index 9c2381d..fdee178 100644
--- a/docs/FStar.Reflection.Types.html
+++ b/docs/FStar.Reflection.Types.html
@@ -1,16 +1,31 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Reflection.Types</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.reflection.types">module FStar.Reflection.Types</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarreflectiontypes" class="anchor" href="#fstarreflectiontypes" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Reflection.Types</h1>
+<ul>
+<li>Includes module <a href="FStar.VConfig.html">FStar.VConfig</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">binder</span>
+<span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">bv</span>
+<span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">term</span>
+<span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">env</span>
+<span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">fv</span>
+<span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">comp</span>
+<span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">sigelt</span> <span class="pl-c">// called `def` in the paper, but we keep the internal name here</span>
+<span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">ctx_uvar_and_subst</span>
+<span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">letbinding</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">name</span> <span class="pl-c1">:</span> <span class="pl-c1">eqtype</span> <span class="pl-c1">=</span> <span class="pl-en">list</span> <span class="pl-c1">string</span>
+<span class="pl-k">type</span> <span class="pl-en">ident</span> <span class="pl-c1">=</span> <span class="pl-en">range</span> * <span class="pl-c1">string</span>
+<span class="pl-k">type</span> <span class="pl-en">univ_name</span> <span class="pl-c1">=</span> <span class="pl-en">ident</span>
+<span class="pl-k">type</span> <span class="pl-en">typ</span>     <span class="pl-c1">=</span> <span class="pl-en">term</span>
+<span class="pl-k">type</span> <span class="pl-en">binders</span> <span class="pl-c1">=</span> <span class="pl-en">list</span> <span class="pl-en">binder</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Reflection.html b/docs/FStar.Reflection.html
index 0dc917f..ae6a3a7 100644
--- a/docs/FStar.Reflection.html
+++ b/docs/FStar.Reflection.html
@@ -1,16 +1,27 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Reflection</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.reflection">module FStar.Reflection</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarreflection" class="anchor" href="#fstarreflection" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Reflection</h1>
+<ul>
+<li>Includes module <a href="FStar.Reflection.Types.html">FStar.Reflection.Types</a>
+</li>
+<li>Includes module <a href="FStar.Reflection.Data.html">FStar.Reflection.Data</a>
+</li>
+<li>Includes module <a href="FStar.Reflection.Builtins.html">FStar.Reflection.Builtins</a>
+</li>
+<li>Includes module <a href="FStar.Reflection.Derived.html">FStar.Reflection.Derived</a>
+</li>
+<li>Includes module <a href="FStar.Reflection.Derived.Lemmas.html">FStar.Reflection.Derived.Lemmas</a>
+</li>
+<li>Includes module <a href="FStar.Reflection.Const.html">FStar.Reflection.Const</a>
+</li>
+</ul>
+
 </body>
 </html>
diff --git a/docs/FStar.ReflexiveTransitiveClosure.html b/docs/FStar.ReflexiveTransitiveClosure.html
index ee7dbc4..ff1c78d 100644
--- a/docs/FStar.ReflexiveTransitiveClosure.html
+++ b/docs/FStar.ReflexiveTransitiveClosure.html
@@ -1,64 +1,61 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.ReflexiveTransitiveClosure</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.reflexivetransitiveclosure">module FStar.ReflexiveTransitiveClosure</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> closure_step:Unidentified product: [#a:Type0] Unidentified product: [r:relation a] Unidentified product: [x:a] Unidentified product: [y:a] (Lemma ((requires r x y)) ((ensures closure r x y)) (Prims<span class="kw">.</span>Cons (SMTPat (closure r x y)) (Prims<span class="kw">.</span>Nil )))</code></pre></div>
+<h1>
+<a id="user-content-fstarreflexivetransitiveclosure" class="anchor" href="#fstarreflexivetransitiveclosure" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.ReflexiveTransitiveClosure</h1>
+<blockquote>
+<p>This module defines the reflexive transitive closure of a
+relation. That is, the smallest preorder that includes it.</p>
+<p>Closures are convenient for defining monotonic memory references:</p>
+<ul>
+<li>
+<p>Define a <code>step</code> relation and take <code>closure step</code> as the
+monotonic relation of the reference.</p>
+</li>
+<li>
+<p>To witness a property of the value of the reference, one must
+show that the property is stable with respect to <code>closure step</code>,
+but this boils down to proving that is stable with respect to
+<code>step</code> (see lemma <a href="#stable_on_closure"><code>stable_on_closure</code></a> below).</p>
+</li>
+</ul>
+<p>See examples/preorder/Closure.fst for usage examples.</p>
+</blockquote>
+<ul>
+<li>Opens module <a href="FStar.Preorder.html">FStar.Preorder</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">closure</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">preorder</span> <span class="pl-en">a</span></pre></div>
+<h4>
+<a id="user-content-closure_step" class="anchor" href="#closure_step" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>closure_step</h4>
 <p><code>closure r</code> includes <code>r</code></p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> closure_inversion:Unidentified product: [#a:Type0] Unidentified product: [r:relation a] Unidentified product: [x:a] Unidentified product: [y:a] (Lemma ((requires closure r x y)) ((ensures \/(==(x, y), (exists z.{:pattern } /\(r x z, closure r z y))))) (Prims<span class="kw">.</span>Cons (SMTPat (closure r x y)) (Prims<span class="kw">.</span>Nil )))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">closure_step</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">closure</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">closure</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-closure_inversion" class="anchor" href="#closure_inversion" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>closure_inversion</h4>
 <p><code>closure r</code> is the smallest preorder that includes <code>r</code></p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> stable_on_closure:Unidentified product: [#a:Type0] Unidentified product: [r:relation a] Unidentified product: [p:(Unidentified product: [a] Type0)] Unidentified product: [p_stable_on_r:(squash (forall x y.{:pattern (p y); (r x y)} ==&gt;(/\(p x, r x y), p y)))] (Lemma (forall x y.{:pattern (closure r x y)} ==&gt;(/\(p x, closure r x y), p y)))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">closure_inversion</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">closure</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span> <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">z</span><span class="pl-c1">.</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">z</span> <span class="pl-c1">/\</span> <span class="pl-en">closure</span> <span class="pl-en">r</span> <span class="pl-en">z</span> <span class="pl-en">y</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-stable_on_closure" class="anchor" href="#stable_on_closure" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>stable_on_closure</h4>
 <ul>
-<li>A predicate that is stable on <code>r</code> is stable on <code>closure r</code></li>
-<li></li>
+<li>A predicate that is stable on <code>r</code> is stable on <code>closure r</code>
+</li>
+<li>
+</li>
 <li>This is useful to witness properties of monotonic references where</li>
 <li>the monotonicity relation is the closure of a step relation.</li>
 </ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">stable_on_closure</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">p_stable_on_r</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">y</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)}</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">closure</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)}</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span> <span class="pl-en">closure</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.ST.html b/docs/FStar.ST.html
index be1d92e..4a8eea4 100644
--- a/docs/FStar.ST.html
+++ b/docs/FStar.ST.html
@@ -1,55 +1,111 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.ST</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.st">module FStar.ST</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">*** Global ST (GST) effect <span class="kw">with</span> put, get, witness, <span class="kw">and</span> recall ****</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">*** ST effect ****</code></pre></div>
+<h1>
+<a id="user-content-fstarst" class="anchor" href="#fstarst" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.ST</h1>
+<ul>
+<li>
+<p>Opens module <a href="FStar.TSet.html">FStar.TSet</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Heap.html">FStar.Heap</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Preorder.html">FStar.Preorder</a></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.Monotonic.Witnessed.html"> FStar.Monotonic.Witnessed</a> as <code>W </code></p>
+</li>
+</ul>
+<h3>
+<a id="user-content-global-st-gst-effect-with-put-get-witness-and-recall-" class="anchor" href="#global-st-gst-effect-with-put-get-witness-and-recall-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Global ST (GST) effect with put, get, witness, and recall ****</h3>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new_effect</span> <span class="pl-c1">GST</span> <span class="pl-c1">=</span> <span class="pl-c1">STATE_h</span> <span class="pl-en">heap</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gst_pre</span>           <span class="pl-c1">=</span> <span class="pl-en">st_pre_h</span> <span class="pl-en">heap</span>
+<span class="pl-k">let</span> <span class="pl-en">gst_post'</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">st_post_h'</span> <span class="pl-en">heap</span> <span class="pl-en">a</span> <span class="pl-en">pre</span>
+<span class="pl-k">let</span> <span class="pl-en">gst_post</span>  <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">st_post_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span>
+<span class="pl-k">let</span> <span class="pl-en">gst_wp</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>   <span class="pl-c1">=</span> <span class="pl-en">st_wp_h</span> <span class="pl-en">heap</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">lift_div_gst</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">gst_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">wp</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+<span class="pl-en">sub_effect</span> <span class="pl-c1">DIV</span> <span class="pl-c1">~&gt;</span> <span class="pl-c1">GST</span> <span class="pl-c1">=</span> <span class="pl-en">lift_div_gst</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">heap_rel</span> <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h2</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">).</span> <span class="pl-en">h1</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span>
+                                               <span class="pl-c1">(</span><span class="pl-en">h2</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h2</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">gst_get</span><span class="pl-c1">:</span> <span class="pl-c1">unit</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">GST</span> <span class="pl-en">heap</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">p</span> <span class="pl-en">h0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">h0</span> <span class="pl-en">h0</span><span class="pl-c1">)</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">gst_put</span><span class="pl-c1">:</span> <span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">p</span> <span class="pl-en">h0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">heap_rel</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">p</span> <span class="pl-c1">()</span> <span class="pl-en">h1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">heap_predicate</span> <span class="pl-c1">=</span> <span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">stable</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">heap_predicate</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h2</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">).</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">heap_rel</span> <span class="pl-en">h1</span> <span class="pl-en">h2</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">h2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">heap_predicate</span><span class="pl-c1">{</span><span class="pl-en">stable</span> <span class="pl-en">p</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span> <span class="pl-smi">W.</span><span class="pl-en">witnessed</span> <span class="pl-en">heap_rel</span> <span class="pl-en">p</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">gst_witness</span><span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">heap_predicate</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">post</span> <span class="pl-en">h0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">stable</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">p</span> <span class="pl-en">h0</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">witnessed</span> <span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">post</span> <span class="pl-c1">()</span> <span class="pl-en">h0</span><span class="pl-c1">))</span>
+<span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">gst_recall</span><span class="pl-c1">:</span>  <span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">heap_predicate</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GST</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">post</span> <span class="pl-en">h0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">stable</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">h0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">post</span> <span class="pl-c1">()</span> <span class="pl-en">h0</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_functoriality</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">heap_predicate</span><span class="pl-c1">{</span><span class="pl-en">stable</span> <span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-en">p</span><span class="pl-c1">})</span>
+                        <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">heap_predicate</span><span class="pl-c1">{</span><span class="pl-en">stable</span> <span class="pl-en">q</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">h</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">witnessed</span> <span class="pl-en">q</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_functoriality</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">=</span>
+  <span class="pl-en">reveal_opaque</span> <span class="pl-c1">(`</span>%<span class="pl-en">witnessed</span><span class="pl-c1">)</span> <span class="pl-en">witnessed</span><span class="pl-c1">;</span>
+  <span class="pl-smi">W.</span><span class="pl-en">lemma_witnessed_weakening</span> <span class="pl-en">heap_rel</span> <span class="pl-en">p</span> <span class="pl-en">q</span></pre></div>
+<h3>
+<a id="user-content-st-effect-" class="anchor" href="#st-effect-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ST effect ****</h3>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">st_pre</span>   <span class="pl-c1">=</span> <span class="pl-en">gst_pre</span>
+<span class="pl-k">let</span> <span class="pl-en">st_post'</span> <span class="pl-c1">=</span> <span class="pl-en">gst_post'</span>
+<span class="pl-k">let</span> <span class="pl-en">st_post</span>  <span class="pl-c1">=</span> <span class="pl-en">gst_post</span>
+<span class="pl-k">let</span> <span class="pl-en">st_wp</span>    <span class="pl-c1">=</span> <span class="pl-en">gst_wp</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new_effect</span> <span class="pl-c1">STATE</span> <span class="pl-c1">=</span> <span class="pl-c1">GST</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">lift_gst_state</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">gst_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">wp</span>
+<span class="pl-en">sub_effect</span> <span class="pl-c1">GST</span> <span class="pl-c1">~&gt;</span> <span class="pl-c1">STATE</span> <span class="pl-c1">=</span> <span class="pl-en">lift_gst_state</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">State</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">st_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">STATE</span> <span class="pl-en">a</span> <span class="pl-en">wp</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span><span class="pl-c1">:</span><span class="pl-en">st_pre</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">post</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">st_post'</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-en">h</span><span class="pl-c1">))))</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">STATE</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">st_post</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pre</span> <span class="pl-en">h</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">.</span> <span class="pl-en">post</span> <span class="pl-en">h</span> <span class="pl-en">a</span> <span class="pl-en">h1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-en">a</span> <span class="pl-en">h1</span><span class="pl-c1">))</span>
+<span class="pl-en">effect</span> <span class="pl-c1">St</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-c1">ST</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">r</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">contains_pred</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">mref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-smi">Heap.</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">{</span><span class="pl-en">is_mm</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span> <span class="pl-c1">/\</span> <span class="pl-en">witnessed</span> <span class="pl-c1">(</span><span class="pl-en">contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">)}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">recall</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">STATE</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">Heap.</span><span class="pl-en">contains</span> <span class="pl-en">h</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">()</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">gst_recall</span> <span class="pl-c1">(</span><span class="pl-en">contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">alloc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-c1">(</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">r</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fresh</span> <span class="pl-en">r</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">modifies</span> <span class="pl-smi">Set.</span><span class="pl-en">empty</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">init</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">h0</span> <span class="pl-c1">=</span> <span class="pl-en">gst_get</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-en">alloc</span> <span class="pl-en">rel</span> <span class="pl-en">h0</span> <span class="pl-en">init</span> <span class="pl-c1">false</span> <span class="pl-k">in</span>
+    <span class="pl-en">gst_put</span> <span class="pl-en">h1</span><span class="pl-c1">;</span>
+    <span class="pl-en">gst_witness</span> <span class="pl-c1">(</span><span class="pl-en">contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">);</span>
+    <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">read</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">STATE</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">h0</span> <span class="pl-c1">=</span> <span class="pl-en">gst_get</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">gst_recall</span> <span class="pl-c1">(</span><span class="pl-en">contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">);</span>
+    <span class="pl-smi">Heap.</span><span class="pl-en">lemma_sel_equals_sel_tot_for_contained_refs</span> <span class="pl-en">h0</span> <span class="pl-en">r</span><span class="pl-c1">;</span>
+    <span class="pl-en">sel_tot</span> <span class="pl-en">h0</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">write</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">unit</span>
+    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">v</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">x</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">v</span> <span class="pl-c1">/\</span> <span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+                 <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">equal_dom</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+                 <span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">v</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">h0</span> <span class="pl-c1">=</span> <span class="pl-en">gst_get</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">gst_recall</span> <span class="pl-c1">(</span><span class="pl-en">contains_pred</span> <span class="pl-en">r</span><span class="pl-c1">);</span>
+    <span class="pl-k">let</span> <span class="pl-en">h1</span> <span class="pl-c1">=</span> <span class="pl-en">upd_tot</span> <span class="pl-en">h0</span> <span class="pl-en">r</span> <span class="pl-en">v</span> <span class="pl-k">in</span>
+    <span class="pl-smi">Heap.</span><span class="pl-en">lemma_distinct_addrs_distinct_preorders</span> <span class="pl-c1">();</span>
+    <span class="pl-smi">Heap.</span><span class="pl-en">lemma_distinct_addrs_distinct_mm</span> <span class="pl-c1">();</span>
+    <span class="pl-smi">Heap.</span><span class="pl-en">lemma_upd_equals_upd_tot_for_contained_refs</span> <span class="pl-en">h0</span> <span class="pl-en">r</span> <span class="pl-en">v</span><span class="pl-c1">;</span>
+    <span class="pl-en">gst_put</span> <span class="pl-en">h1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">get</span> <span class="pl-c1">(</span><span class="pl-en">u</span><span class="pl-c1">:unit)</span> <span class="pl-c1">:</span><span class="pl-c1">ST</span> <span class="pl-en">heap</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">h</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h0</span><span class="pl-c1">==</span><span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">h</span><span class="pl-c1">==</span><span class="pl-en">h1</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">gst_get</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">op_Bang</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">STATE</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">p</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">h</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-en">read</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">rel</span> <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">op_Colon_Equals</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-en">rel</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">ST</span> <span class="pl-c1">unit</span>
+    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">v</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">h0</span> <span class="pl-en">x</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rel</span> <span class="pl-c1">(</span><span class="pl-en">sel</span> <span class="pl-en">h0</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-en">v</span> <span class="pl-c1">/\</span> <span class="pl-en">h0</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span>
+                 <span class="pl-en">modifies</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-en">addr_of</span> <span class="pl-en">r</span><span class="pl-c1">))</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span> <span class="pl-en">equal_dom</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span> <span class="pl-c1">/\</span>
+                 <span class="pl-en">sel</span> <span class="pl-en">h1</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">v</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-en">write</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">rel</span> <span class="pl-en">r</span> <span class="pl-en">v</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">ref</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">=</span> <span class="pl-en">mref</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">trivial_preorder</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">modifies_none</span> <span class="pl-c1">(</span><span class="pl-en">h0</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h1</span><span class="pl-c1">:</span><span class="pl-en">heap</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">modifies</span> <span class="pl-c1">!{}</span> <span class="pl-en">h0</span> <span class="pl-en">h1</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Seq.Base.html b/docs/FStar.Seq.Base.html
index c27b611..94a320b 100644
--- a/docs/FStar.Seq.Base.html
+++ b/docs/FStar.Seq.Base.html
@@ -1,16 +1,153 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Seq.Base</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.seq.base">module FStar.Seq.Base</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<p>A logical theory of sequences indexed by natural numbers in [0, n)</p>
+<h1>
+<a id="user-content-fstarseqbase" class="anchor" href="#fstarseqbase" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Seq.Base</h1>
+<p>#set-options "--initial_fuel 0 --max_fuel 0 --initial_ifuel 1 --max_ifuel 1"</p>
+<ul>
+<li>Aliases module <a href="FStar.List.Tot.html"> FStar.List.Tot</a> as <code>List </code>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span></pre></div>
+<p>Destructors</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">length</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">nat</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">index</span><span class="pl-c1">:</span>  <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">create</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">init_aux</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">len</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> &lt; <span class="pl-en">len</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">contents</span><span class="pl-c1">:(</span><span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span> <span class="pl-en">i</span> &lt; <span class="pl-en">len</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span> <span class="pl-k">val</span> <span class="pl-en">init</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">len</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">contents</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span> <span class="pl-en">i</span> &lt; <span class="pl-en">len</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">init_aux_ghost</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">len</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> &lt; <span class="pl-en">len</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">contents</span><span class="pl-c1">:(</span><span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span> <span class="pl-en">i</span> &lt; <span class="pl-en">len</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span> <span class="pl-k">val</span> <span class="pl-en">init_ghost</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">len</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">contents</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span> <span class="pl-en">i</span> &lt; <span class="pl-en">len</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">empty</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">){</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">=</span><span class="pl-c1">0</span><span class="pl-c1">})</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>Seq.empty<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">createEmpty</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">){</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">=</span><span class="pl-c1">0</span><span class="pl-c1">})</span>
+    <span class="pl-c1">=</span> <span class="pl-en">empty</span> <span class="pl-c1">#</span><span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_empty</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">empty</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">upd</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>  <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">op_At_Bar</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">slice</span><span class="pl-c1">:</span>  <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<p>Lemmas about length</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_create_len</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">create</span> <span class="pl-en">n</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">create</span> <span class="pl-en">n</span> <span class="pl-en">i</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_init_len</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">contents</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span> <span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">init</span> <span class="pl-en">n</span> <span class="pl-en">contents</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">init</span> <span class="pl-en">n</span> <span class="pl-en">contents</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">lemma_init_aux_len</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">contents</span><span class="pl-c1">:(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span> <span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">init_aux</span> <span class="pl-en">n</span> <span class="pl-en">k</span> <span class="pl-en">contents</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">init_aux</span> <span class="pl-en">n</span> <span class="pl-en">k</span> <span class="pl-en">contents</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_init_ghost_len</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">contents</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span> <span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">init_ghost</span> <span class="pl-en">n</span> <span class="pl-en">contents</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">init_ghost</span> <span class="pl-en">n</span> <span class="pl-en">contents</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">lemma_init_ghost_aux_len</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">contents</span><span class="pl-c1">:(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span> <span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">init_aux_ghost</span> <span class="pl-en">n</span> <span class="pl-en">k</span> <span class="pl-en">contents</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">init_aux_ghost</span> <span class="pl-en">n</span> <span class="pl-en">k</span> <span class="pl-en">contents</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_len_upd</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">n</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">s</span> <span class="pl-en">n</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">s</span> <span class="pl-en">n</span> <span class="pl-en">v</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_len_append</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">+</span> <span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_len_slice</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">-</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">))]</span></pre></div>
+<p>Lemmas about index</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_index_create</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">create</span> <span class="pl-en">n</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">v</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">create</span> <span class="pl-en">n</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_index_upd1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">s</span> <span class="pl-en">n</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">v</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">s</span> <span class="pl-en">n</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_index_upd2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span>&lt;&gt;<span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">s</span> <span class="pl-en">n</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">s</span> <span class="pl-en">n</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_index_app1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_index_app2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">+</span> <span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">/\</span> <span class="pl-en">length</span> <span class="pl-en">s1</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">s2</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_index_slice</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> &lt; <span class="pl-en">j</span> <span class="pl-c1">-</span> <span class="pl-en">i</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">+</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">k</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">hasEq_lemma</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">hasEq</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">hasEq</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)))</span> <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-k">hasEq</span>  <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">remove_unused_type_parameters</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">;</span> <span class="pl-c1">1</span><span class="pl-c1">;</span> <span class="pl-c1">2</span><span class="pl-c1">]]</span>
+<span class="pl-k">val</span> <span class="pl-en">equal</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">prop</span></pre></div>
+<p>decidable equality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">eq_i</span><span class="pl-c1">:</span>
+  <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:bool{</span><span class="pl-en">r</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">j</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">j</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">i</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-en">j</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-en">s2</span> <span class="pl-en">j</span><span class="pl-c1">))})</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">eq</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:bool{</span><span class="pl-en">r</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">})</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_eq_intro</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+     <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s2</span>
+               <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">}).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-en">i</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s2</span> <span class="pl-en">i</span><span class="pl-c1">)}</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">s2</span> <span class="pl-en">i</span><span class="pl-c1">))))</span>
+     <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_eq_refl</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+     <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+     <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_eq_elim</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+     <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+     <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">==</span><span class="pl-en">s2</span><span class="pl-c1">))</span>
+     <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<p>Properties of <code>append</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_assoc</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-en">s3</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">s3</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s2</span> <span class="pl-en">s3</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_empty_l</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">empty</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_empty_r</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s</span> <span class="pl-en">empty</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">init_index</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">len</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">contents</span><span class="pl-c1">:(</span><span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span> <span class="pl-en">i</span> &lt; <span class="pl-en">len</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">len</span><span class="pl-c1">}).</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">init</span> <span class="pl-en">len</span> <span class="pl-en">contents</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">contents</span> <span class="pl-en">i</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">init_index_</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">len</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">contents</span><span class="pl-c1">:(</span><span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span> <span class="pl-en">i</span> &lt; <span class="pl-en">len</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">j</span> &lt; <span class="pl-en">len</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">init</span> <span class="pl-en">len</span> <span class="pl-en">contents</span><span class="pl-c1">)</span> <span class="pl-en">j</span> <span class="pl-c1">==</span> <span class="pl-en">contents</span> <span class="pl-en">j</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">init</span> <span class="pl-en">len</span> <span class="pl-en">contents</span><span class="pl-c1">)</span> <span class="pl-en">j</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">init_ghost_index</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">len</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">contents</span><span class="pl-c1">:(</span><span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span> <span class="pl-en">i</span> &lt; <span class="pl-en">len</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">len</span><span class="pl-c1">}).</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">init_ghost</span> <span class="pl-en">len</span> <span class="pl-en">contents</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">contents</span> <span class="pl-en">i</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">init_ghost_index_</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">len</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">contents</span><span class="pl-c1">:(</span><span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span> <span class="pl-en">i</span> &lt; <span class="pl-en">len</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">j</span> &lt; <span class="pl-en">len</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">init_ghost</span> <span class="pl-en">len</span> <span class="pl-en">contents</span><span class="pl-c1">)</span> <span class="pl-en">j</span> <span class="pl-c1">==</span> <span class="pl-en">contents</span> <span class="pl-en">j</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">init_ghost</span> <span class="pl-en">len</span> <span class="pl-en">contents</span><span class="pl-c1">)</span> <span class="pl-en">j</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_equal_instances_implies_equal_types</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:unit)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">b</span><span class="pl-c1">).</span> <span class="pl-en">s1</span> <span class="pl-c1">===</span> <span class="pl-en">s2</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Seq.Permutation.html b/docs/FStar.Seq.Permutation.html
new file mode 100644
index 0000000..3d85318
--- /dev/null
+++ b/docs/FStar.Seq.Permutation.html
@@ -0,0 +1,93 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title>FStar.Seq.Permutation</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
+</head>
+<body>
+<h1>
+<a id="user-content-fstarseqpermutation" class="anchor" href="#fstarseqpermutation" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Seq.Permutation</h1>
+<ul>
+<li>Opens module <a href="FStar.Seq.html">FStar.Seq</a>
+Copyright 2021 Microsoft Research</li>
+</ul>
+<p>Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at</p>
+<pre><code>http://www.apache.org/licenses/LICENSE-2.0
+</code></pre>
+<p>Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.</p>
+<p>Author: N. Swamy</p>
+<p>This module defines a permutation on sequences as a bijection among
+the sequence indices relating equal elements.</p>
+<p>It defines a few utilities to work with such permutations.</p>
+<p>Notably:</p>
+<ol>
+<li>
+<p>Given two sequence with equal element counts, it constructs a
+permutation.</p>
+</li>
+<li>
+<p>Folding the multiplication of a commutative monoid over a
+sequence and its permutation produces the same result</p>
+</li>
+</ol>
+<p>A bounded natural number</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">nat_at_most</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span> <span class="pl-en">m</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span> <span class="pl-en">m</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">}</span></pre></div>
+<p>A function from the indices of <code>s</code> to itself</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">index_fun</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">nat_at_most</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">nat_at_most</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<p>An abstract predicate defining when an index_fun is a permutation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_permutation</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s0</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">index_fun</span> <span class="pl-en">s0</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">prop</span></pre></div>
+<p>Revealing the intepretation of is_permutation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal_is_permutation</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s0</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">index_fun</span> <span class="pl-en">s0</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">is_permutation</span> <span class="pl-en">s0</span> <span class="pl-en">s1</span> <span class="pl-en">f</span> <span class="pl-c1">&lt;==&gt;</span></pre></div>
+<p>lengths of the sequences are the same</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s0</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">/\</span></pre></div>
+<p>f is injective</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-c1">{:pattern</span> <span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">;</span> <span class="pl-en">f</span> <span class="pl-en">y</span><span class="pl-c1">}</span>
+  <span class="pl-en">x</span> &lt;&gt; <span class="pl-en">y</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span> &lt;&gt; <span class="pl-en">f</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span></pre></div>
+<p>and f relates equal items in s0 and s1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s0</span><span class="pl-c1">}).{:pattern</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">i</span><span class="pl-c1">))}</span>
+   <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s0</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">i</span><span class="pl-c1">)))</span></pre></div>
+<p>A seqperm is an index_fun that is also a permutation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">seqperm</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s0</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">index_fun</span> <span class="pl-en">s0</span> <span class="pl-c1">{</span> <span class="pl-en">is_permutation</span> <span class="pl-en">s0</span> <span class="pl-en">s1</span> <span class="pl-en">f</span> <span class="pl-c1">}</span></pre></div>
+<p>We can construct a permutation from
+sequences whose element counts are the same</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">permutation_from_equal_counts</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span>
+      <span class="pl-c1">(</span><span class="pl-en">s0</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">s0</span> <span class="pl-c1">==</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">s1</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seqperm</span> <span class="pl-en">s0</span> <span class="pl-en">s1</span><span class="pl-c1">)</span></pre></div>
+<p>Now, some utilities related to commutative monoids and permutations</p>
+<ul>
+<li>Aliases module <a href="FStar.Algebra.CommMonoid.html"> FStar.Algebra.CommMonoid</a> as <code>CM </code>
+</li>
+</ul>
+<p>folding a m.mult over a sequence</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">foldm_snoc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-smi">CM.</span><span class="pl-en">cm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">foldr_snoc</span> <span class="pl-en">m</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">s</span> <span class="pl-en">m</span><span class="pl-c1">.unit</span></pre></div>
+<p>folding m over the concatenation of s1 and s2
+can be decomposed into a fold over s1 and a fold over s2</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">foldm_snoc_append</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-smi">CM.</span><span class="pl-en">cm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">foldm_snoc</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">m</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">foldm_snoc</span> <span class="pl-en">m</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">foldm_snoc</span> <span class="pl-en">m</span> <span class="pl-en">s2</span><span class="pl-c1">))</span></pre></div>
+<p>folds over concatenated lists can is symmetric</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">foldm_snoc_sym</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-smi">CM.</span><span class="pl-en">cm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">foldm_snoc</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">foldm_snoc</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s2</span> <span class="pl-en">s1</span><span class="pl-c1">))</span></pre></div>
+<p>And, finally, if s0 and s1 are permutations,
+then folding m over them is identical</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">foldm_snoc_perm</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-c1">_</span><span class="pl-c1">)</span>
+               <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-smi">CM.</span><span class="pl-en">cm</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+               <span class="pl-c1">(</span><span class="pl-en">s0</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+               <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+               <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">seqperm</span> <span class="pl-en">s0</span> <span class="pl-en">s1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">foldm_snoc</span> <span class="pl-en">m</span> <span class="pl-en">s0</span>  <span class="pl-c1">==</span> <span class="pl-en">foldm_snoc</span> <span class="pl-en">m</span> <span class="pl-en">s1</span><span class="pl-c1">)</span></pre></div>
+
+</body>
+</html>
diff --git a/docs/FStar.Seq.Properties.html b/docs/FStar.Seq.Properties.html
index 2d0eb2f..e4ce453 100644
--- a/docs/FStar.Seq.Properties.html
+++ b/docs/FStar.Seq.Properties.html
@@ -1,58 +1,613 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Seq.Properties</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.seq.properties">module FStar.Seq.Properties</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> More properties, <span class="kw">with</span> <span class="kw">new</span> naming conventions </code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">pragma</code></pre></div>
-<p>Dealing efficiently with <code>seq_of_list</code> by meta-evaluating conjunctions over an entire list.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((sortWith (#a:eqtype) (f:Unidentified product: [a] Unidentified product: [a] (Tot <span class="dt">int</span>)) (s:<span class="dt">seq</span> a)):(Tot (<span class="dt">seq</span> a))):seq_of_list (List<span class="kw">.</span>Tot<span class="kw">.</span>Base<span class="kw">.</span>sortWith f (seq_to_list s))</code></pre></div>
-<p>**** sortWith *****</p>
+<h1>
+<a id="user-content-fstarseqproperties" class="anchor" href="#fstarseqproperties" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Seq.Properties</h1>
+<ul>
+<li>Opens module <a href="FStar.Seq.Base.html">FStar.Seq.Base</a>
+</li>
+<li>Aliases module <a href="FStar.Seq.Base.html"> FStar.Seq.Base</a> as <code>Seq </code>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lseq</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span>
+    <span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">{</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">l</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">indexable</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:int)</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_append_inj_l</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">t1</span> <span class="pl-c1">/\</span> <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">t1</span> <span class="pl-en">i</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_append_inj_r</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">t1</span> <span class="pl-c1">/\</span> <span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">t2</span> <span class="pl-c1">/\</span> <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">t2</span> <span class="pl-en">i</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_append_len_disj</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">{(</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">t1</span> <span class="pl-c1">\/</span> <span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">))}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">t1</span> <span class="pl-c1">/\</span> <span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">t2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_append_inj</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">t1</span> <span class="pl-c1">\/</span> <span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">t2</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)))</span>
+           <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">t1</span> <span class="pl-c1">/\</span> <span class="pl-en">equal</span> <span class="pl-en">s2</span> <span class="pl-en">t2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">head</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">tail</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_head_append</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">head</span> <span class="pl-en">s1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_tail_append</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-en">s2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">last</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">cons</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">s</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_cons_inj</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v1</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v2</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-en">v1</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-en">v2</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">v1</span> <span class="pl-c1">==</span> <span class="pl-en">v2</span> <span class="pl-c1">/\</span> <span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">split</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i</span> <span class="pl-c1">/\</span> <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span> * <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">0</span> <span class="pl-en">i</span><span class="pl-c1">,</span> <span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_split</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i</span> <span class="pl-c1">/\</span> <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">split</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-c1">(</span><span class="pl-en">split</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">))</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">split_eq</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{(</span><span class="pl-c1">0</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i</span> <span class="pl-c1">/\</span> <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)})</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Pure</span>
+  <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span> * <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+<span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">split</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_split</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">;</span>
+  <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">count</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">nat</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">0</span>
+  <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">head</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">x</span>
+  <span class="pl-k">then</span> <span class="pl-c1">1</span> <span class="pl-c1">+</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+  <span class="pl-k">else</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mem</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">l</span> &gt; <span class="pl-c1">0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_index</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">i</span><span class="pl-c1">.</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<p>index_mem:
+A utility function that finds the first index of
+<code>x</code> in <code>s</code>, given that we know the <code>x</code> is actually contained in <code>s</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">index_mem</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">nat</span>
+           <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+           <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+           <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+    <span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">head</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-k">then</span> <span class="pl-c1">0</span>
+      <span class="pl-k">else</span> <span class="pl-c1">1</span> <span class="pl-c1">+</span> <span class="pl-en">index_mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">swap</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span>&lt;<span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">j</span>&lt;<span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">s</span> <span class="pl-en">j</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">))</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">j</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_slice_append</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s1</span> <span class="pl-c1">0</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s1</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">))</span> <span class="pl-en">s2</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_slice_first_in_append</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s1</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">))</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">slice_upd</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">k</span> &lt; <span class="pl-en">i</span> <span class="pl-c1">\/</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">k</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">s</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">s</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">upd_slice</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> &lt; <span class="pl-en">j</span> <span class="pl-c1">-</span> <span class="pl-en">i</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-en">k</span> &lt; <span class="pl-en">j</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-en">v</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-en">k</span><span class="pl-c1">)</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-en">v</span><span class="pl-c1">)]</span></pre></div>
+<p>TODO: should be renamed cons_head_append, or something like that (because it is NOT related to (append (cons _ _) _))</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_append_cons</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-en">s2</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_tl</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">hd</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tl</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-en">hd</span> <span class="pl-en">tl</span><span class="pl-c1">))</span> <span class="pl-en">tl</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">sorted</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">length</span> <span class="pl-en">s</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">1</span>
+  <span class="pl-k">then</span> <span class="pl-c1">true</span>
+  <span class="pl-k">else</span> <span class="pl-k">let</span> <span class="pl-en">hd</span> <span class="pl-c1">=</span> <span class="pl-en">head</span> <span class="pl-en">s</span> <span class="pl-k">in</span>
+       <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sorted_feq</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+               <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">g</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool))</span>
+               <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-k">forall</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">g</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">})</span>
+   <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">sorted</span> <span class="pl-en">g</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_append_count</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lo</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">hi</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">lo</span> <span class="pl-en">hi</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">lo</span> <span class="pl-c1">+</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">hi</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_append_count_aux</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lo</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">hi</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">lo</span> <span class="pl-en">hi</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">lo</span> <span class="pl-c1">+</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">hi</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mem_inversion</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">=</span><span class="pl-en">head</span> <span class="pl-en">s</span> <span class="pl-c1">||</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mem_count</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span>&lt;<span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}).</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_count_slice</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span>&lt;<span class="pl-c1">=</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">0</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">total_order</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool))</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a</span><span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">a</span> <span class="pl-en">a</span><span class="pl-c1">)</span>                                           <span class="pl-c"><span class="pl-c">(*</span> reflexivity   <span class="pl-c">*)</span></span>
+    <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span> <span class="pl-c1">/\</span> <span class="pl-en">a1</span>&lt;&gt;<span class="pl-en">a2</span><span class="pl-c1">)</span>  <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">a2</span> <span class="pl-en">a1</span><span class="pl-c1">))</span>  <span class="pl-c"><span class="pl-c">(*</span> anti-symmetry <span class="pl-c">*)</span></span>
+    <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span> <span class="pl-en">a3</span><span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-en">a1</span> <span class="pl-en">a2</span> <span class="pl-c1">/\</span> <span class="pl-en">f</span> <span class="pl-en">a2</span> <span class="pl-en">a3</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">a1</span> <span class="pl-en">a3</span><span class="pl-c1">)</span>        <span class="pl-c"><span class="pl-c">(*</span> transitivity  <span class="pl-c">*)</span></span>
+<span class="pl-k">type</span> <span class="pl-en">tot_ord</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">=</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool){</span><span class="pl-en">total_order</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sorted_concat_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span>
+                      <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool){</span><span class="pl-en">total_order</span> <span class="pl-en">a</span> <span class="pl-en">f</span><span class="pl-c1">}</span>
+                      <span class="pl-c1">-&gt;</span> <span class="pl-en">lo</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-en">lo</span><span class="pl-c1">}</span>
+                      <span class="pl-c1">-&gt;</span> <span class="pl-en">pivot</span><span class="pl-c1">:</span><span class="pl-en">a</span>
+                      <span class="pl-c1">-&gt;</span> <span class="pl-en">hi</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-en">hi</span><span class="pl-c1">}</span>
+                      <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-en">lo</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">y</span> <span class="pl-en">pivot</span><span class="pl-c1">)</span>
+                                                 <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-en">hi</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">pivot</span> <span class="pl-en">y</span><span class="pl-c1">)))</span>
+                               <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">lo</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-en">pivot</span> <span class="pl-en">hi</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">split_5</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">5</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">equal</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">x</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">x</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">x</span> <span class="pl-c1">2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">x</span> <span class="pl-c1">3</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">x</span> <span class="pl-c1">4</span><span class="pl-c1">)))))</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">x</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">0</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">x</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">))</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">x</span> <span class="pl-c1">2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">j</span><span class="pl-c1">)</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">x</span> <span class="pl-c1">3</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">j</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">x</span> <span class="pl-c1">4</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_swap_permutes_aux_frag_eq</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span>&lt;<span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span>&lt;<span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span>
+                          <span class="pl-c1">-&gt;</span> <span class="pl-en">i'</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j'</span><span class="pl-c1">:nat{</span><span class="pl-en">i'</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j'</span> <span class="pl-c1">/\</span> <span class="pl-en">j'</span>&lt;<span class="pl-c1">=</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span>
+                                              <span class="pl-c1">(</span><span class="pl-en">j</span> &lt; <span class="pl-en">i'</span>  <span class="pl-c">//high slice</span>
+                                              <span class="pl-c1">\/</span> <span class="pl-en">j'</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i</span> <span class="pl-c">//low slice</span>
+                                              <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-en">i</span> &lt; <span class="pl-en">i'</span> <span class="pl-c1">/\</span> <span class="pl-en">j'</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span><span class="pl-c1">))</span> <span class="pl-c">//mid slice</span>
+                                              <span class="pl-c1">}</span>
+                          <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i'</span> <span class="pl-en">j'</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">i'</span> <span class="pl-en">j'</span>
+                                            <span class="pl-c1">/\</span> <span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">j</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span>
+                                            <span class="pl-c1">/\</span> <span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">j</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_swap_permutes_aux</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span>&lt;<span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span>&lt;<span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">permutation</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+       <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">i</span><span class="pl-c1">.</span> <span class="pl-en">count</span> <span class="pl-en">i</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">count</span> <span class="pl-en">i</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">lemma_swap_permutes</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span>&lt;<span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span>&lt;<span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">))</span></pre></div>
+<p>perm_len:
+A lemma that shows that two sequences that are permutations
+of each other also have the same length</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">perm_len</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cons_perm</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tl</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-en">tl</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+               <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mem_append</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span>
+      <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">||</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_slice_cons</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">||</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">j</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_slice_snoc</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">||</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_ordering_lo_snoc</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">tot_ord</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pv</span><span class="pl-c1">:</span><span class="pl-en">a</span>
+   <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-k">forall</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">y</span> <span class="pl-en">pv</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">pv</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-k">forall</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">y</span> <span class="pl-en">pv</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_ordering_hi_cons</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">tot_ord</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">back</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">len</span><span class="pl-c1">:nat{</span><span class="pl-en">back</span> &lt; <span class="pl-en">len</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">len</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pv</span><span class="pl-c1">:</span><span class="pl-en">a</span>
+   <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-k">forall</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">back</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">len</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">pv</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">f</span> <span class="pl-en">pv</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">back</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-k">forall</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">back</span> <span class="pl-en">len</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-en">pv</span> <span class="pl-en">y</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">swap_frame_lo</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lo</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">lo</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span>
+     <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">lo</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">lo</span> <span class="pl-en">i</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">swap_frame_lo'</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lo</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i'</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span><span class="pl-en">lo</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i'</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i'</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span>
+     <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">lo</span> <span class="pl-en">i'</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">lo</span> <span class="pl-en">i'</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">swap_frame_hi</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">j</span> &lt; <span class="pl-en">k</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">hi</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">hi</span> <span class="pl-c1">/\</span> <span class="pl-en">hi</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span>
+     <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">k</span> <span class="pl-en">hi</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">k</span> <span class="pl-en">hi</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_swap_slice_commute</span>  <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">start</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">start</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">len</span><span class="pl-c1">:nat{</span><span class="pl-en">j</span> &lt; <span class="pl-en">len</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">len</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span>
+    <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">start</span> <span class="pl-en">len</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">start</span> <span class="pl-en">len</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-en">start</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">-</span> <span class="pl-en">start</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_swap_permutes_slice</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">start</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">start</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">len</span><span class="pl-c1">:nat{</span><span class="pl-en">j</span> &lt; <span class="pl-en">len</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">len</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span>
+   <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">start</span> <span class="pl-en">len</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">start</span> <span class="pl-en">len</span><span class="pl-c1">)))</span></pre></div>
+<p>replaces the [i,j) sub-sequence of s1 with the corresponding sub-sequence of s2</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">splice</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">=</span><span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">)})</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s1</span> <span class="pl-c1">0</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s1</span> <span class="pl-en">j</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">)))</span></pre></div>
+<p>replace with sub</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">replace_subseq</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">sub</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">sub</span> <span class="pl-c1">==</span> <span class="pl-en">j</span> <span class="pl-c1">-</span> <span class="pl-en">i</span><span class="pl-c1">})</span> <span class="pl-c1">:</span><span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">0</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-en">sub</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">j</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">splice_refl</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">splice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">s</span> <span class="pl-en">j</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_swap_splice</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">start</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">start</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">len</span><span class="pl-c1">:nat{</span><span class="pl-en">j</span> &lt; <span class="pl-en">len</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">len</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span>
+   <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">==</span> <span class="pl-en">splice</span> <span class="pl-en">s</span> <span class="pl-en">start</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-en">len</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_seq_frame_hi</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:nat{</span><span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">m</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">m</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">n</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">splice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">s1</span> <span class="pl-en">j</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">((</span><span class="pl-en">slice</span> <span class="pl-en">s1</span> <span class="pl-en">m</span> <span class="pl-en">n</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-en">s2</span> <span class="pl-en">m</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-en">m</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">s2</span> <span class="pl-en">m</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_seq_frame_lo</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:nat{</span><span class="pl-en">j</span> &lt; <span class="pl-en">m</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">m</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">n</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">splice</span> <span class="pl-en">s2</span> <span class="pl-en">m</span> <span class="pl-en">s1</span> <span class="pl-en">n</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">((</span><span class="pl-en">slice</span> <span class="pl-en">s1</span> <span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-en">j</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">s2</span> <span class="pl-en">j</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_tail_slice</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">j</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_weaken_frame_right</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">k</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">k</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">splice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">s1</span> <span class="pl-en">j</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">splice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">s1</span> <span class="pl-en">k</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_weaken_frame_left</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">k</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">k</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">splice</span> <span class="pl-en">s2</span> <span class="pl-en">j</span> <span class="pl-en">s1</span> <span class="pl-en">k</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">splice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">s1</span> <span class="pl-en">k</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_trans_frame</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s3</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">/\</span> <span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s3</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">((</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">splice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">s1</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">s2</span> <span class="pl-c1">==</span> <span class="pl-en">splice</span> <span class="pl-en">s3</span> <span class="pl-en">i</span> <span class="pl-en">s2</span> <span class="pl-en">j</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">splice</span> <span class="pl-en">s3</span> <span class="pl-en">i</span> <span class="pl-en">s1</span> <span class="pl-en">j</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_weaken_perm_left</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">k</span> <span class="pl-c1">/\</span> <span class="pl-en">k</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">splice</span> <span class="pl-en">s2</span> <span class="pl-en">j</span> <span class="pl-en">s1</span> <span class="pl-en">k</span> <span class="pl-c1">/\</span> <span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s2</span> <span class="pl-en">j</span> <span class="pl-en">k</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s1</span> <span class="pl-en">j</span> <span class="pl-en">k</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">k</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s1</span> <span class="pl-en">i</span> <span class="pl-en">k</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_weaken_perm_right</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">k</span> <span class="pl-c1">/\</span> <span class="pl-en">k</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">splice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">s1</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s1</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">k</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s1</span> <span class="pl-en">i</span> <span class="pl-en">k</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_trans_perm</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s3</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">/\</span> <span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s3</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span>&lt;<span class="pl-c1">=</span><span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">}</span>
+ <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s1</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span>
+             <span class="pl-c1">/\</span> <span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s3</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s1</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s3</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)))</span></pre></div>
+<p>New addtions, please review</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">snoc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_cons_snoc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tl</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-en">hd</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-en">s</span> <span class="pl-en">tl</span><span class="pl-c1">))</span>
+                              <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-en">hd</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">tl</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_tail_snoc</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span>
+                     <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-en">s</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_snoc_inj</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v1</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v2</span><span class="pl-c1">:</span><span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-en">s1</span> <span class="pl-en">v1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-en">s2</span> <span class="pl-en">v2</span><span class="pl-c1">)))</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">v1</span> <span class="pl-c1">==</span> <span class="pl-en">v2</span> <span class="pl-c1">/\</span> <span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mem_snoc</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+   <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-en">s</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-en">s</span> <span class="pl-c1">\/</span> <span class="pl-en">x</span><span class="pl-c1">=</span><span class="pl-en">y</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">find_l</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">o</span><span class="pl-c1">:</span><span class="pl-en">option</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-en">o</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-en">o</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">None</span>
+  <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+  <span class="pl-k">else</span> <span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">ghost_find_l</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">o</span><span class="pl-c1">:</span><span class="pl-en">option</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-en">o</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-en">o</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">None</span>
+  <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+  <span class="pl-k">else</span> <span class="pl-en">ghost_find_l</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">find_append_some</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-en">s1</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-en">s1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">find_append_none</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">None</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-en">s1</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-en">s2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">find_append_none_s2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">None</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-en">s1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">find_snoc</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span>
+               <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">res</span> <span class="pl-c1">=</span> <span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-en">s</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+                                 <span class="pl-k">match</span> <span class="pl-en">res</span> <span class="pl-k">with</span>
+                                 <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-c1">None</span> <span class="pl-c1">/\</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+                                 <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">res</span> <span class="pl-c1">==</span> <span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span> <span class="pl-en">x</span><span class="pl-c1">==</span><span class="pl-en">y</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">un_snoc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:(</span><span class="pl-en">seq</span> <span class="pl-en">a</span> * <span class="pl-en">a</span><span class="pl-c1">){</span><span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-en">r</span><span class="pl-c1">)})</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">s'</span><span class="pl-c1">,</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">split</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-en">s'</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">0</span><span class="pl-c1">))</span> <span class="pl-en">s</span><span class="pl-c1">);</span>
+  <span class="pl-en">s'</span><span class="pl-c1">,</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">a</span> <span class="pl-c1">0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">un_snoc_snoc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">un_snoc</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-en">s</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">,</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">find_r</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">o</span><span class="pl-c1">:</span><span class="pl-en">option</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-en">o</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-en">o</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">None</span>
+  <span class="pl-k">else</span> <span class="pl-k">let</span> <span class="pl-en">prefix</span><span class="pl-c1">,</span> <span class="pl-en">last</span> <span class="pl-c1">=</span> <span class="pl-en">un_snoc</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+       <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-en">last</span> <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-en">last</span>
+       <span class="pl-k">else</span> <span class="pl-en">find_r</span> <span class="pl-en">f</span> <span class="pl-en">prefix</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">found</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span> <span class="pl-c1">True</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">seq_find_aux</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ctr</span><span class="pl-c1">:nat{</span><span class="pl-en">ctr</span> &lt;<span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">})</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span> <span class="pl-en">i</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">i</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">ctr</span><span class="pl-c1">}).</span>
+               <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">function</span>
+            <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">}).</span>  <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+            <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span>  <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">}).</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">found</span> <span class="pl-en">i</span><span class="pl-c1">)}</span>
+                                 <span class="pl-en">found</span> <span class="pl-en">i</span> <span class="pl-c1">/\</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">ctr</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">ctr</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-k">in</span>
+  <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+  <span class="pl-k">then</span> <span class="pl-c1">(</span>
+     <span class="pl-en">cut</span> <span class="pl-c1">(</span><span class="pl-en">found</span> <span class="pl-en">i</span><span class="pl-c1">);</span>
+     <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+  <span class="pl-k">else</span> <span class="pl-en">seq_find_aux</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-en">i</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">seq_find</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">function</span>
+            <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">}).</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+            <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">}).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">found</span> <span class="pl-en">i</span><span class="pl-c1">)}</span>
+                                 <span class="pl-en">found</span> <span class="pl-en">i</span> <span class="pl-c1">/\</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+<span class="pl-c1">=</span> <span class="pl-en">seq_find_aux</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">find_mem</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">})</span>
+   <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+           <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">seq_find</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">seq_find</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">for_all</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool))</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">bool</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">{</span><span class="pl-en">i</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">}</span> <span class="pl-c1">)</span> <span class="pl-c1">.</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span><span class="pl-c1">))))</span>
+<span class="pl-c1">=</span> <span class="pl-c1">None</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">seq_find</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">i</span><span class="pl-c1">))</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">seq_mem_k</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat{</span><span class="pl-en">n</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">)]</span></pre></div>
+<ul>
+<li>Aliases module <a href="FStar.List.Tot.html"> FStar.List.Tot</a> as <code>L </code>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">seq_to_list</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-smi">L.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">})</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">[]</span>
+  <span class="pl-k">else</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">0</span><span class="pl-c1">::</span><span class="pl-en">seq_to_list</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>opaque_to_smt<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">seq_of_list</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-smi">L.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">})</span>  <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">Seq.</span><span class="pl-en">empty</span> <span class="pl-c1">#</span><span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-en">hd</span> @<span class="pl-c1">|</span> <span class="pl-en">seq_of_list</span> <span class="pl-en">tl</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_seq_of_list_induction</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">seq_of_list</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+                   <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+                   <span class="pl-c1">|</span> <span class="pl-c1">[]</span>    <span class="pl-c1">-&gt;</span> <span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-en">s</span> <span class="pl-en">empty</span>
+                   <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">cons</span> <span class="pl-en">hd</span> <span class="pl-c1">(</span><span class="pl-en">seq_of_list</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                     <span class="pl-en">head</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">hd</span> <span class="pl-c1">/\</span> <span class="pl-en">tail</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">seq_of_list</span> <span class="pl-en">tl</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_seq_list_bij</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">seq_of_list</span> <span class="pl-c1">(</span><span class="pl-en">seq_to_list</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_list_seq_bij</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">seq_to_list</span> <span class="pl-c1">(</span><span class="pl-en">seq_of_list</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">l</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">createL_post</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-en">normalize</span> <span class="pl-c1">(</span><span class="pl-smi">L.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">seq_to_list</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">l</span> <span class="pl-c1">/\</span> <span class="pl-en">seq_of_list</span> <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-en">s</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">createL</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">createL_post</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">l</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">seq_of_list</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+  <span class="pl-en">lemma_list_seq_bij</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-en">s</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_index_is_nth</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-smi">L.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">seq_to_list</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">))</span></pre></div>
+<p>//////////////////////////////////////////////////////////////////////////////
+s <code>contains</code> x : Type0
+An undecidable version of <code>mem</code>,
+for when the sequence payload is not an eqtype
+//////////////////////////////////////////////////////////////////////////////</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">remove_unused_type_parameters</span> <span class="pl-c1">[</span><span class="pl-c1">0</span><span class="pl-c1">;</span> <span class="pl-c1">1</span><span class="pl-c1">;</span> <span class="pl-c1">2</span><span class="pl-c1">]]</span>
+<span class="pl-k">val</span> <span class="pl-en">contains</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">contains_intro</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">k</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">x</span>
+            <span class="pl-c1">==&gt;</span>
+           <span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">contains_elim</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">x</span>
+            <span class="pl-c1">==&gt;</span>
+          <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat).</span> <span class="pl-en">k</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_contains_empty</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">~</span> <span class="pl-c1">(</span><span class="pl-en">contains</span> <span class="pl-smi">Seq.</span><span class="pl-en">empty</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_contains_singleton</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">contains</span> <span class="pl-c1">(</span><span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">y</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_contains_equiv</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">x</span>
+            <span class="pl-c1">&lt;==&gt;</span>
+           <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">x</span> <span class="pl-c1">\/</span> <span class="pl-en">s2</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">contains_snoc</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+   <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-en">s</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">y</span>  <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">s</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">y</span> <span class="pl-c1">\/</span> <span class="pl-en">x</span><span class="pl-c1">==</span><span class="pl-en">y</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_find_l_contains</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">l</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">contains_cons</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tl</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">cons</span> <span class="pl-en">hd</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">x</span>
+           <span class="pl-c1">&lt;==&gt;</span>
+           <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">==</span><span class="pl-en">hd</span> <span class="pl-c1">\/</span> <span class="pl-en">tl</span> <span class="pl-c1">`</span><span class="pl-en">contains</span><span class="pl-c1">`</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_cons_snoc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">u</span><span class="pl-c1">:</span> <span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-en">u</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-en">x</span> <span class="pl-en">v</span><span class="pl-c1">))</span>
+                       <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-en">u</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">v</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_slices</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+   <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span> <span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">0</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span>
+             <span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-en">s2</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">+</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span>
+             <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:nat).</span>
+                <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s2</span> <span class="pl-c1">==&gt;</span>
+                <span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">slice</span> <span class="pl-en">s2</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span>
+                          <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">+</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">+</span> <span class="pl-en">j</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">find_l_none_no_index</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Seq.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool))</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">None</span><span class="pl-c1">?</span> <span class="pl-c1">(</span><span class="pl-en">find_l</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}).</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">))))</span>
+        <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<p>More properties, with new naming conventions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">suffix_of</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s_suff</span> <span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">exists</span> <span class="pl-en">s_pref</span> <span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">append</span> <span class="pl-en">s_pref</span> <span class="pl-en">s_suff</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cons_head_tail</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">})</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">cons</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">head_cons</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-en">x</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">suffix_of_tail</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">})</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">((</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">suffix_of</span><span class="pl-c1">`</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">((</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">suffix_of</span><span class="pl-c1">`</span> <span class="pl-en">s</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">index_cons_l</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-en">c</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">0</span> <span class="pl-c1">==</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">index_cons_r</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">{</span><span class="pl-c1">1</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i</span> <span class="pl-c1">/\</span> <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">})</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-en">c</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_cons</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-en">c</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-en">s2</span> <span class="pl-c1">==</span> <span class="pl-en">cons</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">index_tail</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">})</span>
+  <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">}</span> <span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_cons</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">y</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-en">x</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-en">s</span> <span class="pl-c1">\/</span> <span class="pl-en">x</span><span class="pl-c1">=</span><span class="pl-en">y</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">snoc_slice_index</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">snoc</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">j</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cons_index_slice</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">{</span><span class="pl-en">i</span> &lt; <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> <span class="pl-c1">==</span> <span class="pl-en">i</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">})</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">k</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">cons</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">k</span> <span class="pl-en">j</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">slice_is_empty</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">})</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">empty</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">slice_length</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">0</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">0</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">slice_slice</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i1</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">j1</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">{</span><span class="pl-en">i1</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j1</span> <span class="pl-c1">/\</span> <span class="pl-en">j1</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i2</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">j2</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">{</span><span class="pl-en">i2</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j2</span> <span class="pl-c1">/\</span> <span class="pl-en">j2</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j1</span> <span class="pl-c1">-</span> <span class="pl-en">i1</span><span class="pl-c1">}</span> <span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i1</span> <span class="pl-en">j1</span><span class="pl-c1">)</span> <span class="pl-en">i2</span> <span class="pl-en">j2</span> <span class="pl-c1">==</span> <span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">i1</span> <span class="pl-c1">+</span> <span class="pl-en">i2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i1</span> <span class="pl-c1">+</span> <span class="pl-en">j2</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i1</span> <span class="pl-en">j1</span><span class="pl-c1">)</span> <span class="pl-en">i2</span> <span class="pl-en">j2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_seq_of_list_index</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-smi">List.Tot.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">seq_of_list</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-smi">List.Tot.</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">seq_of_list</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>seq_of_list<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">of_list</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">seq_of_list</span> <span class="pl-en">l</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">seq_of_list_tl</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">{</span> <span class="pl-smi">List.Tot.</span><span class="pl-en">length</span> <span class="pl-en">l</span> &gt; <span class="pl-c1">0</span> <span class="pl-c1">}</span> <span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">seq_of_list</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.</span><span class="pl-en">tl</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">tail</span> <span class="pl-c1">(</span><span class="pl-en">seq_of_list</span> <span class="pl-en">l</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_seq_of_list</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">seq_of_list</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">List.Tot.</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">seq_of_list</span> <span class="pl-en">l</span><span class="pl-c1">))]</span></pre></div>
+<p>Dealing efficiently with <code>seq_of_list</code> by meta-evaluating conjunctions over
+an entire list.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">explode_and</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span> <span class="pl-c1">nat)</span>
+  <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">{</span> <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">})</span>
+  <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">{</span> <span class="pl-smi">List.Tot.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">+</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">}):</span>
+  <span class="pl-c1">Tot</span> <span class="pl-c1">Type</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">hd</span> <span class="pl-c1">/\</span> <span class="pl-en">explode_and</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">s</span> <span class="pl-en">tl</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">pointwise_and</span> <span class="pl-en">s</span> <span class="pl-en">l</span> <span class="pl-c1">=</span>
+  <span class="pl-en">norm</span> <span class="pl-c1">[</span> <span class="pl-en">iota</span><span class="pl-c1">;</span> <span class="pl-en">zeta</span><span class="pl-c1">;</span> <span class="pl-en">primops</span><span class="pl-c1">;</span> <span class="pl-en">delta_only</span> <span class="pl-c1">[</span> <span class="pl-c1">`</span>%<span class="pl-c1">(</span><span class="pl-en">explode_and</span><span class="pl-c1">)</span> <span class="pl-c1">]</span> <span class="pl-c1">]</span> <span class="pl-c1">(</span><span class="pl-en">explode_and</span> <span class="pl-c1">0</span> <span class="pl-en">s</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">intro_of_list'</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">List.Tot.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">+</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span>
+      <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span>
+      <span class="pl-en">explode_and</span> <span class="pl-en">i</span> <span class="pl-en">s</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+      <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">seq_of_list</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">intro_of_list</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span> <span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">):</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">List.Tot.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span>
+      <span class="pl-en">pointwise_and</span> <span class="pl-en">s</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+      <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">seq_of_list</span> <span class="pl-en">l</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">elim_of_list'</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span>
+      <span class="pl-smi">List.Tot.</span><span class="pl-en">length</span> <span class="pl-en">l</span> <span class="pl-c1">+</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span>
+      <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span>
+      <span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">seq_of_list</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+      <span class="pl-en">explode_and</span> <span class="pl-en">i</span> <span class="pl-en">s</span> <span class="pl-en">l</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">elim_of_list</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">):</span>
+  <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span>
+      <span class="pl-k">let</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">seq_of_list</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+      <span class="pl-en">pointwise_and</span> <span class="pl-en">s</span> <span class="pl-en">l</span><span class="pl-c1">))</span></pre></div>
+<p>***** sortWith *****</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">sortWith</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span><span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">seq_of_list</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">seq_to_list</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_seq_to_list_permutation</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">seq_to_list</span> <span class="pl-en">s</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_seq_of_list_permutation</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">seq_of_list</span> <span class="pl-en">l</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_seq_of_list_sorted</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Properties.</span><span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">seq_of_list</span> <span class="pl-en">l</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_seq_sortwith_correctness</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">total_order</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">s'</span> <span class="pl-c1">=</span> <span class="pl-en">sortWith</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-k">in</span> <span class="pl-en">sorted</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">bool_of_compare</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-en">s'</span> <span class="pl-c1">/\</span> <span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-en">s'</span><span class="pl-c1">))</span></pre></div>
+<p>sort_lseq:
+A wrapper of Seq.sortWith which proves that the output sequences
+is a sorted permutation of the input sequence with the same length</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">sort_lseq</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">tot_ord</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">lseq</span> <span class="pl-en">a</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">s'</span><span class="pl-c1">:</span><span class="pl-en">lseq</span> <span class="pl-en">a</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">sorted</span> <span class="pl-en">f</span> <span class="pl-en">s'</span> <span class="pl-c1">/\</span> <span class="pl-en">permutation</span> <span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-en">s'</span><span class="pl-c1">}</span> <span class="pl-c1">=</span>
+  <span class="pl-en">lemma_seq_sortwith_correctness</span> <span class="pl-c1">(</span><span class="pl-smi">L.</span><span class="pl-en">compare_of_bool</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">;</span>
+  <span class="pl-k">let</span> <span class="pl-en">s'</span> <span class="pl-c1">=</span> <span class="pl-en">sortWith</span> <span class="pl-c1">(</span><span class="pl-smi">L.</span><span class="pl-en">compare_of_bool</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-en">s</span> <span class="pl-k">in</span>
+  <span class="pl-en">perm_len</span> <span class="pl-en">s</span> <span class="pl-en">s'</span><span class="pl-c1">;</span>
+  <span class="pl-en">sorted_feq</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-smi">L.</span><span class="pl-en">bool_of_compare</span> <span class="pl-c1">(</span><span class="pl-smi">L.</span><span class="pl-en">compare_of_bool</span> <span class="pl-en">f</span><span class="pl-c1">))</span> <span class="pl-en">s'</span><span class="pl-c1">;</span>
+  <span class="pl-en">s'</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">foldr</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-en">init</span>
+    <span class="pl-k">else</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">foldr</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">init</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">foldr_snoc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">init</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-en">init</span>
+    <span class="pl-k">else</span> <span class="pl-k">let</span> <span class="pl-en">s</span><span class="pl-c1">,</span> <span class="pl-en">last</span> <span class="pl-c1">=</span> <span class="pl-en">un_snoc</span> <span class="pl-en">s</span> <span class="pl-k">in</span>
+         <span class="pl-en">f</span> <span class="pl-en">last</span> <span class="pl-c1">(</span><span class="pl-en">foldr_snoc</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-en">init</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Seq.Sorted.html b/docs/FStar.Seq.Sorted.html
index 6fd2658..505237c 100644
--- a/docs/FStar.Seq.Sorted.html
+++ b/docs/FStar.Seq.Sorted.html
@@ -1,16 +1,117 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Seq.Sorted</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.seq.sorted">module FStar.Seq.Sorted</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarseqsorted" class="anchor" href="#fstarseqsorted" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Seq.Sorted</h1>
+<ul>
+<li>Opens module <a href="FStar.Seq.html">FStar.Seq</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">sorted_pred</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">tot_ord</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span>&lt;<span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">})).</span> <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">j</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sorted_pred_tail</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">tot_ord</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s</span> &gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">sorted_pred</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sorted_pred</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-en">sorted_pred_tail</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sorted_pred_sorted_lemma</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">tot_ord</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">sorted_pred</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sorted</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">sorted_pred_sorted_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">length</span> <span class="pl-en">s</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">1</span> <span class="pl-k">then</span> <span class="pl-c1">()</span>
+  <span class="pl-k">else</span> <span class="pl-k">begin</span>
+    <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-c1">;</span>
+    <span class="pl-en">sorted_pred_tail</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">;</span>
+    <span class="pl-en">sorted_pred_sorted_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+  <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">intro_sorted_pred</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">tot_ord</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">($</span><span class="pl-en">g</span><span class="pl-c1">:(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">j</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">j</span><span class="pl-c1">)))))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">sorted_pred</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+<span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">aux</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}))</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">j</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span>
+    <span class="pl-smi">FStar.Squash.</span><span class="pl-en">give_proof</span> <span class="pl-en">p</span> <span class="pl-c1">;</span>
+    <span class="pl-en">g</span> <span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">;</span>
+    <span class="pl-smi">FStar.Squash.</span><span class="pl-en">get_proof</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">j</span><span class="pl-c1">))</span>
+  <span class="pl-k">in</span>
+  <span class="pl-smi">FStar.Classical.</span><span class="pl-en">forall_intro_2</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">:(</span><span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-smi">FStar.Classical.</span><span class="pl-en">give_witness</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Classical.</span><span class="pl-en">arrow_to_impl</span> <span class="pl-c1">(</span><span class="pl-en">aux</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">))</span> <span class="pl-c1">&lt;:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">j</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sorted_pred_cons_lemma</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">tot_ord</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s</span> &gt; <span class="pl-c1">1</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">sorted_pred</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sorted_pred</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">sorted_pred_cons_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aux</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}))</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">j</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span>
+    <span class="pl-k">if</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span>
+      <span class="pl-k">if</span> <span class="pl-en">j</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">()</span>
+      <span class="pl-k">else</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)))</span>
+    <span class="pl-k">else</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)))</span>
+  <span class="pl-k">in</span>
+  <span class="pl-en">intro_sorted_pred</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-en">aux</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sorted_sorted_pred_lemma</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">tot_ord</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">sorted</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sorted_pred</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">sorted_sorted_pred_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">()</span>
+  <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span> <span class="pl-k">then</span> <span class="pl-c1">()</span>
+  <span class="pl-k">else</span> <span class="pl-c1">(</span><span class="pl-en">sorted_sorted_pred_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">;</span> <span class="pl-en">sorted_pred_cons_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sorted_pred_slice_lemma</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">tot_ord</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">sorted_pred</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sorted_pred</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-en">sorted_pred_slice_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sorted_slice_lemma</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">tot_ord</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">j</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">sorted</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sorted</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">sorted_slice_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">=</span>
+  <span class="pl-en">sorted_sorted_pred_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">;</span>
+  <span class="pl-en">sorted_pred_slice_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span> <span class="pl-c1">;</span>
+  <span class="pl-en">sorted_pred_sorted_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sorted_split_lemma</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">tot_ord</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">sorted</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">s1</span><span class="pl-c1">,</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span> <span class="pl-en">split</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-k">in</span> <span class="pl-en">sorted</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span> <span class="pl-c1">/\</span> <span class="pl-en">sorted</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s2</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">sorted_split_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">=</span>
+  <span class="pl-en">sorted_slice_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-c1">0</span> <span class="pl-en">i</span> <span class="pl-c1">;</span>
+  <span class="pl-en">sorted_slice_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sorted_pred_append_lemma</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">tot_ord</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">seq</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">sorted_pred</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s1</span> <span class="pl-c1">/\</span> <span class="pl-en">sorted_pred</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s2</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">s1</span> &gt; <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">length</span> <span class="pl-en">s2</span> &gt; <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">last</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-en">s2</span><span class="pl-c1">))))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">sorted_pred</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-en">sorted_pred_append_lemma</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">append</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aux</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">:(</span><span class="pl-en">k</span><span class="pl-c1">:nat{</span><span class="pl-en">k</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}))</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">j</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">j</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span>
+    <span class="pl-k">if</span> <span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-k">then</span>
+      <span class="pl-k">if</span> <span class="pl-en">j</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-k">then</span>
+        <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-en">j</span><span class="pl-c1">))</span>
+      <span class="pl-k">else</span>
+        <span class="pl-c1">(</span><span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s1</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">last</span> <span class="pl-en">s1</span><span class="pl-c1">))</span> <span class="pl-c1">;</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s2</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">-</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">))))</span>
+    <span class="pl-k">else</span>
+      <span class="pl-c1">(</span><span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">j</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">;</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s2</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-en">s2</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">-</span> <span class="pl-en">length</span> <span class="pl-en">s1</span><span class="pl-c1">))))</span>
+  <span class="pl-k">in</span>
+  <span class="pl-en">intro_sorted_pred</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">f</span> <span class="pl-en">s</span> <span class="pl-en">aux</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Seq.html b/docs/FStar.Seq.html
index 948f236..f98e8d2 100644
--- a/docs/FStar.Seq.html
+++ b/docs/FStar.Seq.html
@@ -1,16 +1,19 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Seq</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.seq">module FStar.Seq</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarseq" class="anchor" href="#fstarseq" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Seq</h1>
+<ul>
+<li>Includes module <a href="FStar.Seq.Base.html">FStar.Seq.Base</a>
+</li>
+<li>Includes module <a href="FStar.Seq.Properties.html">FStar.Seq.Properties</a>
+</li>
+</ul>
+
 </body>
 </html>
diff --git a/docs/FStar.Set.html b/docs/FStar.Set.html
index 4282799..3520319 100644
--- a/docs/FStar.Set.html
+++ b/docs/FStar.Set.html
@@ -1,55 +1,96 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Set</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.set">module FStar.Set</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">pragma</code></pre></div>
+<h1>
+<a id="user-content-fstarset" class="anchor" href="#fstarset" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Set</h1>
 <p>Computational sets (on eqtypes): membership is a boolean function</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--initial_fuel 0 --max_fuel 0 --initial_ifuel 0 --max_ifuel 0</span>"</pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">set</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">equal</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<p>destructors</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span></pre></div>
+<p>constructors</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">empty</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">singleton</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">union</span>      <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">intersect</span>  <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">complement</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<p>a property about sets</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">disjoint</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span> <span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">intersect</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-en">empty</span></pre></div>
+<p>ops</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">subset</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span></pre></div>
+<p>Properties</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_empty</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">empty</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">empty</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_singleton</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">singleton</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">=</span><span class="pl-en">y</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">singleton</span> <span class="pl-en">x</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_union</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">||</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_intersect</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">intersect</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">intersect</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_complement</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">complement</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">complement</span> <span class="pl-en">s</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_subset</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">subset</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">subset</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">subset_mem</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">subset</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">subset</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<p>extensionality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_equal_intro</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span>  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_equal_elim</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_equal_refl</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">disjoint_not_in_both</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+      <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">)}</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">~(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+      <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<p>Converting lists to sets</p>
+<p>WHY IS THIS HERE? It is not strictly part of the interface</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-c">//restore fuel usage here</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">as_set'</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">empty</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">union</span> <span class="pl-c1">(</span><span class="pl-en">singleton</span> <span class="pl-en">hd</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">as_set'</span> <span class="pl-en">tl</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">as_set</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">normalize_term</span> <span class="pl-c1">(</span><span class="pl-en">as_set'</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lemma_disjoint_subset</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s3</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">/\</span> <span class="pl-en">subset</span> <span class="pl-en">s3</span> <span class="pl-en">s1</span><span class="pl-c1">))</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">disjoint</span> <span class="pl-en">s3</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Squash.html b/docs/FStar.Squash.html
index dae0852..a589c74 100644
--- a/docs/FStar.Squash.html
+++ b/docs/FStar.Squash.html
@@ -1,16 +1,95 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Squash</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.squash">module FStar.Squash</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarsquash" class="anchor" href="#fstarsquash" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Squash</h1>
+<blockquote>
+<p>The module provides an interface to work with <code>squash</code> types, F*'s
+representation for proof-irrelevant propositions.</p>
+<p>The type <code>squash p</code> is defined in <code>Prims</code> as <code>_:unit{p}</code>. As such,
+the <code>squash</code> type captures the classical logic used in F*'s
+refinement types, although the interface in this module isn't
+specifically classical. The module <code>FStar.Classical</code> provides
+further derived forms to manipulate <code>squash</code> types.</p>
+<p>This is inspired in part by: Quotient Types: A Modular
+Approach. Aleksey Nogin, TPHOLs 2002.
+<a href="http://www.nuprl.org/documents/Nogin/QuotientTypes_02.pdf" rel="nofollow">http://www.nuprl.org/documents/Nogin/QuotientTypes_02.pdf</a></p>
+<p>Broadly, <code>squash</code> is a monad, support the usual <code>return</code> and
+<code>bind</code> operations.</p>
+<p>Additionally, it supports a <a href="#push_squash"><code>push_squash</code></a> operation that relates
+arrow types and <code>squash</code>.</p>
+</blockquote>
+<h4>
+<a id="user-content-return_squash" class="anchor" href="#return_squash" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>return_squash</h4>
+<p>A proof of <code>a</code> can be forgotten to create a squashed proof of <code>a</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">return_squash</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-bind_squash" class="anchor" href="#bind_squash" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>bind_squash</h4>
+<p>Sequential composition of squashed proofs</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bind_squash</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">b</span><span class="pl-c1">)))</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-push_squash" class="anchor" href="#push_squash" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>push_squash</h4>
+<p>The <code>push</code> operation, together with <a href="#bind_squash"><code>bind_squash</code></a>, allow deriving
+some of the other operations, notably <a href="#squash_double_arrow"><code>squash_double_arrow</code></a>. We
+rarely use the <a href="#push_squash"><code>push_squash</code></a> operation directly.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">push_squash</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">))))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)))</span></pre></div>
+<p>One reading of <code>push f</code> is that for a function <code>f</code> that builds a
+proof-irrelevant prooof of <code>b x</code> for all <code>x:a</code>, there exists a
+proof-irrelevant proof of <code>forall (x:a). b x</code>.</p>
+<p>Note: since <code>f</code> is not itself squashed, <code>push_squash f</code> is not
+equal to <code>f</code>.</p>
+<blockquote>
+<p>The pre- and postconditions of of <code>Pure</code> are equivalent to
+squashed arguments and results.</p>
+</blockquote>
+<h4>
+<a id="user-content-get_proof" class="anchor" href="#get_proof" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>get_proof</h4>
+<p><code>get_proof p</code>, in a context requiring <code>p</code> is equivalent to a proof
+of <code>squash p</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">get_proof</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-give_proof" class="anchor" href="#give_proof" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>give_proof</h4>
+<p><code>give_proof x</code>, for <code>x:squash p</code> is a equivalent to ensuring
+<code>p</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">give_proof</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-proof_irrelevance" class="anchor" href="#proof_irrelevance" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>proof_irrelevance</h4>
+<p>All proofs of <code>squash p</code> are equal</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">proof_irrelevance</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-squash_double_arrow" class="anchor" href="#squash_double_arrow" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>squash_double_arrow</h4>
+<p>Squashing the proof of the co-domain of squashed universal
+quantifier is redundant---<a href="#squash_double_arrow"><code>squash_double_arrow</code></a> allows removing
+it.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">squash_double_arrow</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">($</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span></pre></div>
+<h4>
+<a id="user-content-push_sum" class="anchor" href="#push_sum" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>push_sum</h4>
+<p>The analog of <a href="#push_squash"><code>push_squash</code></a> for sums (existential quantification</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">push_sum</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">($</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">dtuple2</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">))))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">dtuple2</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-squash_double_sum" class="anchor" href="#squash_double_sum" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>squash_double_sum</h4>
+<p>The analog of <a href="#squash_double_arrow"><code>squash_double_arrow</code></a> for sums (existential quantification)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">squash_double_sum</span>
+      <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+      <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+      <span class="pl-c1">($</span><span class="pl-en">p</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">dtuple2</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)))))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">dtuple2</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-map_squash" class="anchor" href="#map_squash" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>map_squash</h4>
+<p><code>squash</code> is functorial; a ghost function can be mapped over a squash</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map_squash</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-join_squash" class="anchor" href="#join_squash" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>join_squash</h4>
+<p><code>squash</code> is a monad: double squashing is redundant and can be removed.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">join_squash</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.SquashProperties.html b/docs/FStar.SquashProperties.html
index 3b61489..6c4ceca 100644
--- a/docs/FStar.SquashProperties.html
+++ b/docs/FStar.SquashProperties.html
@@ -1,16 +1,149 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.SquashProperties</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.squashproperties">module FStar.SquashProperties</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarsquashproperties" class="anchor" href="#fstarsquashproperties" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.SquashProperties</h1>
+<ul>
+<li>
+<p>Opens module <a href="FStar.Constructive.html">FStar.Constructive</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Squash.html">FStar.Squash</a></p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">join_squash</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">join_squash</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">bind_squash</span> <span class="pl-c1">#(</span><span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">squash_arrow</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">$</span><span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-en">squash_arrow</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-en">squash_double_arrow</span> <span class="pl-c1">(</span><span class="pl-en">return_squash</span> <span class="pl-en">f</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">forall_intro</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">$</span><span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span><span class="pl-c"><span class="pl-c">(*</span> (forall (x:a). p x) <span class="pl-c">*)</span></span>
+<span class="pl-k">let</span> <span class="pl-en">forall_intro</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-en">f</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">ff</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">;</span> <span class="pl-en">get_proof</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-k">in</span>
+  <span class="pl-en">give_proof</span> <span class="pl-c1">#(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">squash_arrow</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-en">ff</span><span class="pl-c1">)</span></pre></div>
+<p>currently unused
+val squash_elim : a:Type -&gt; #b:Type -&gt; t1:b -&gt; t2:b -&gt;
+(       a -&gt; Tot (ceq t1 t2)) -&gt;
+Tot (squash a -&gt; Tot (ceq t1 t2))</p>
+<p>assume val tt (t:Type) : squash t</p>
+<p>assume val squash_mem_elim : a:Type -&gt; #b:Type -&gt; t1:b -&gt; t2:b -&gt;</p>
+<p>(x:squash a -&gt; t:(squash a -&gt; Type) -&gt; Tot (t ())) -&gt;</p>
+<p>Tot (x:squash a -&gt; t:(squash a -&gt; Type) -&gt; Tot (t x))</p>
+<p>get_proof and give_proof are phrased in terms of squash</p>
+<p>The whole point of defining squash is to soundly allow define excluded_middle;
+here this follows from get_proof and give_proof</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">bool_of_or</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">q</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c_or</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:bool{(</span><span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">not</span><span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span><span class="pl-c1">)})</span>
+<span class="pl-k">let</span> <span class="pl-en">bool_of_or</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Left</span>  <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Right</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">excluded_middle</span> <span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:bool{</span><span class="pl-en">b</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">}))</span>
+<span class="pl-k">let</span> <span class="pl-en">excluded_middle</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">map_squash</span> <span class="pl-c1">(</span><span class="pl-en">join_squash</span> <span class="pl-c1">(</span><span class="pl-en">get_proof</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-c1">(~</span><span class="pl-en">p</span><span class="pl-c1">))))</span> <span class="pl-en">bool_of_or</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">excluded_middle_squash</span> <span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-c1">~</span><span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">excluded_middle_squash</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-en">bind_squash</span> <span class="pl-c1">(</span><span class="pl-en">excluded_middle</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-k">if</span> <span class="pl-en">x</span> <span class="pl-k">then</span>
+    <span class="pl-en">map_squash</span> <span class="pl-c1">(</span><span class="pl-en">get_proof</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">Left</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">)</span>
+  <span class="pl-k">else</span>
+    <span class="pl-en">return_squash</span> <span class="pl-c1">(</span><span class="pl-c1">Right</span> <span class="pl-c1">#</span><span class="pl-c1">_</span> <span class="pl-c1">#(~</span><span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">return_squash</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                                   <span class="pl-en">give_proof</span> <span class="pl-c1">(</span><span class="pl-en">return_squash</span> <span class="pl-en">h</span><span class="pl-c1">);</span>
+                                   <span class="pl-en">false_elim</span> <span class="pl-c1">#</span><span class="pl-c1">False</span> <span class="pl-c1">()))))</span></pre></div>
+<p>we thought we might prove proof irrelevance by Berardi ... but didn't manage</p>
+<p>Conditional on any Type -- unused below</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ifProp</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">e1</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">e2</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">ifProp</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-en">b</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">=</span>
+   <span class="pl-en">bind_squash</span> <span class="pl-c1">(</span><span class="pl-en">excluded_middle_squash</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+           <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">c_or</span> <span class="pl-en">b</span> <span class="pl-c1">(~</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+            <span class="pl-c1">|</span> <span class="pl-c1">Left</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">e1</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">Right</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">e2</span><span class="pl-c1">)</span></pre></div>
+<p>The powerset operator</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">pow</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">bool</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span> <span class="pl-k">type</span> <span class="pl-en">retract</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">MkR</span><span class="pl-c1">:</span> <span class="pl-en">i</span><span class="pl-c1">:(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-en">j</span><span class="pl-c1">:(</span><span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-en">inv</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">ceq</span> <span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-en">retract</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span> <span class="pl-k">type</span> <span class="pl-en">retract_cond</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">MkC</span><span class="pl-c1">:</span> <span class="pl-en">i2</span><span class="pl-c1">:(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-en">j2</span><span class="pl-c1">:(</span><span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-en">inv2</span><span class="pl-c1">:(</span><span class="pl-en">retract</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">ceq</span> <span class="pl-c1">(</span><span class="pl-en">j2</span> <span class="pl-c1">(</span><span class="pl-en">i2</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-en">retract_cond</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span></pre></div>
+<p>unused below</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ac</span><span class="pl-c1">:</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">retract_cond</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">retract</span> <span class="pl-smi">'a</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span>
+          <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">ceq</span> <span class="pl-c1">((</span><span class="pl-c1">MkC</span><span class="pl-c1">?.</span><span class="pl-en">j2</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">MkC</span><span class="pl-c1">?.</span><span class="pl-en">i2</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">ac</span> <span class="pl-c1">(</span><span class="pl-c1">MkC</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-en">inv2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">inv2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">false_elim</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-c1">False</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span>
+  <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-k">with</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">l1</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">retract_cond</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span>
+   <span class="pl-en">bind_squash</span> <span class="pl-c1">(</span><span class="pl-en">excluded_middle_squash</span> <span class="pl-c1">(</span><span class="pl-en">retract</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">b</span><span class="pl-c1">)))</span>
+          <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">c_or</span> <span class="pl-c1">(</span><span class="pl-en">retract</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-en">retract</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">b</span><span class="pl-c1">))))</span> <span class="pl-c1">-&gt;</span>
+             <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">Left</span> <span class="pl-c1">(</span><span class="pl-c1">MkR</span> <span class="pl-en">f0</span> <span class="pl-en">g0</span> <span class="pl-en">e</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+           <span class="pl-en">return_squash</span> <span class="pl-c1">(</span><span class="pl-c1">MkC</span> <span class="pl-en">f0</span> <span class="pl-en">g0</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">e</span><span class="pl-c1">))</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">Right</span> <span class="pl-en">nr</span> <span class="pl-c1">-&gt;</span>
+           <span class="pl-k">let</span> <span class="pl-en">f0</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">pow</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span> <span class="pl-k">in</span>
+           <span class="pl-k">let</span> <span class="pl-en">g0</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">pow</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span> <span class="pl-k">in</span>
+           <span class="pl-en">map_squash</span> <span class="pl-en">nr</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">retract</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">False</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+                  <span class="pl-c1">MkC</span> <span class="pl-en">f0</span> <span class="pl-en">g0</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">false_elim</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">r</span><span class="pl-c1">))))</span></pre></div>
+<p>The paradoxical set</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">u</span> <span class="pl-c1">=</span> <span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">p</span><span class="pl-c1">))</span></pre></div>
+<p>NS: FAILS TO CHECK BEYOND HERE ... TODO, revisit</p>
+<p>Bijection between U and (pow U)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-en">u</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">pow</span> <span class="pl-en">u</span><span class="pl-c1">))</span>
+<span class="pl-k">#set-options</span> "<span class="pl-s">--print_universes</span>"</pre></div>
+<p>let f x = x u  *) //fails here without a means of denoting univers</p>
+<p>val g : squash (pow U) -&gt; Tot U
+let g sh = fun (x:Type) -&gt;
+let (slX:squash (pow U -&gt; Tot (pow x))) = map_squash (l1 x U) MkC?.j2 in
+let (srU:squash (pow U -&gt; Tot (pow U))) = map_squash (l1 U U) MkC?.i2 in
+bind_squash srU (fun rU -&gt;
+bind_squash slX (fun lX -&gt;
+bind_squash sh (fun h -&gt;
+return_squash (lX (rU h)))))</p>
+<p>(* This only works if importing FStar.All.fst, which is nonsense *)
+val r : U
+let r =
+let ff : (U -&gt; Tot (squash bool)) =
+(fun (u:U) -&gt; map_squash (u U) (fun uu -&gt; not (uu u))) in
+g (squash_arrow ff)</p>
+<p>CH: stopped here</p>
+<p>val not_has_fixpoint : squash (ceq (r U r) (not (r U r)))</p>
+<p>let not_has_fixpoint = Refl #bool #(r U r)</p>
+<p>otherwise we could assume proof irrelevance as an axiom;
+note that proof relevance shouldn't be derivable for squash types
+val not_provable : unit -&gt;</p>
+<p>Tot (cnot (ceq (return_squash true) (return_squash false)))</p>
+<p>val not_provable : unit -&gt;</p>
+<p>Tot (squash (cnot (ceq (return_squash true) (return_squash false))))</p>
+<p>type cheq (#a:Type) (x:a) : #b:Type -&gt; b -&gt; Type =
+| HRefl : cheq #a x #a x</p>
+<p>val not_provable : unit -&gt;</p>
+<p>Tot (cimp (cheq (return_squash #(b:bool{b=true})  true)</p>
+<p>(return_squash #(b:bool{b=false}) false)) (squash cfalse))</p>
+<p>let not_provable () =</p>
+<p>(fun h -&gt; match h with</p>
+<p>| HRefl -&gt;</p>
+<p>assert(return_squash #(b:bool{b=true}) true ==</p>
+<p>return_squash #(b:bool{b=false}) false);</p>
+<p>bind_squash (return_squash #(b:bool{b=true})  true) (fun btrue -&gt;</p>
+<p>bind_squash (return_squash #(b:bool{b=false}) false) (fun bfalse -&gt;</p>
+<p>assert (btrue &lt;&gt; bfalse); magic())))</p>
+<p>TODO:</p>
+<ul>
+<li>play with this a bit more; try out some examples
+<ul>
+<li>search for give_proof / get_proof</li>
+</ul>
+</li>
+</ul>
+
 </body>
 </html>
diff --git a/docs/FStar.String.html b/docs/FStar.String.html
index 4e93510..3ea89b0 100644
--- a/docs/FStar.String.html
+++ b/docs/FStar.String.html
@@ -1,16 +1,144 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.String</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.string">module FStar.String</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarstring" class="anchor" href="#fstarstring" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.String</h1>
+<ul>
+<li>Opens module <a href="FStar.List.Tot.html">FStar.List.Tot</a>
+</li>
+</ul>
+<p>String is a primitive type in F*.</p>
+<p>Most of the functions in this interface have a special status in
+that they are:</p>
+<ol>
+<li>
+<p>All the total functions in this module are handled by F*'s
+normalizers and can be reduced during typechecking</p>
+</li>
+<li>
+<p>All the total functions, plus two functions in the ML effect,
+have native OCaml implementations in FStar_String.ml</p>
+</li>
+</ol>
+<p>These functions are, however, not suitable for use in Low* code,
+since many of them incur implicit allocations that must be garbage
+collected.</p>
+<p>For strings in Low*, see LowStar.String, LowStar.Literal etc.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">char</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Char.</span><span class="pl-en">char</span></pre></div>
+<blockquote>
+<p><code>list_of_string</code> and <code>string_of_list</code>: A pair of coercions to
+expose and pack a string as a list of characters</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">list_of_string</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">char</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">string_of_list</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">char</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<blockquote>
+<p>A pair</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">string_of_list_of_string</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:string)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">string_of_list</span> <span class="pl-c1">(</span><span class="pl-en">list_of_string</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">list_of_string_of_list</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">char</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">list_of_string</span> <span class="pl-c1">(</span><span class="pl-en">string_of_list</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p><code>strlen s</code> counts the number of utf8 values in a string
+It is not the byte length of a string</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">strlen</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-smi">List.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">list_of_string</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p><code>length</code>, an alias for <code>strlen</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">strlen</span> <span class="pl-en">s</span></pre></div>
+<blockquote>
+<p><code>maxlen</code>: When applied to a literal s of less than n characters,
+<code>maxlen s n</code> reduces to <code>True</code> before going to the SMT solver.
+Otherwise, the left disjunct reduces partially but the right
+disjunct remains as is, allowing to keep <code>strlen s &lt;= n</code> in the
+context.</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">maxlen</span> <span class="pl-en">s</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-en">normalize_term</span> <span class="pl-c1">(</span><span class="pl-en">strlen</span> <span class="pl-en">s</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">\/</span> <span class="pl-en">strlen</span> <span class="pl-en">s</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">n</span></pre></div>
+<blockquote>
+<p><code>make l c</code>: builds a string of length <code>l</code> with each character set
+to <code>c</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">make</span><span class="pl-c1">:</span> <span class="pl-en">l</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">char</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:string</span> <span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">l</span><span class="pl-c1">})</span></pre></div>
+<blockquote>
+<p><code>string_of_char</code>: A convenient abbreviation for <code>make 1 c</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">string_of_char</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">char</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span> <span class="pl-en">make</span> <span class="pl-c1">1</span> <span class="pl-en">c</span></pre></div>
+<blockquote>
+<p><code>split cs s</code>: splits the string by delimiters in <code>cs</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">split</span><span class="pl-c1">:</span>   <span class="pl-en">list</span> <span class="pl-en">char</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-c1">string)</span></pre></div>
+<blockquote>
+<p><code>concat s l</code> concatentates the strings in <code>l</code> delimited by <code>s</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">concat</span><span class="pl-c1">:</span>  <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<blockquote>
+<p><code>compare s0 s1</code>: lexicographic ordering on strings</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">compare</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int</span></pre></div>
+<blockquote>
+<p><code>lowercase</code>: transform each character to its lowercase variant</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lowercase</span><span class="pl-c1">:</span>  <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<blockquote>
+<p><code>uppercase</code>: transform each character to its uppercase variant</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uppercase</span><span class="pl-c1">:</span>  <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<blockquote>
+<p><code>index s n</code>: returns the nth character in <code>s</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">index</span><span class="pl-c1">:</span> <span class="pl-en">s</span><span class="pl-c1">:string</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span><span class="pl-en">n</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">char</span></pre></div>
+<blockquote>
+<p><code>index_of s c</code>:
+The first index of <code>c</code> in <code>s</code>
+returns -1 if the char is not found, for compatibility with C</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">index_of</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">char</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int</span></pre></div>
+<blockquote>
+<p><code>sub s i len</code>
+Second argument is a length, not an index.
+Returns a substring of length <code>len</code> beginning at <code>i</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub</span><span class="pl-c1">:</span> <span class="pl-en">s</span><span class="pl-c1">:string</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-en">l</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">l</span><span class="pl-c1">})</span></pre></div>
+<blockquote>
+<p><code>collect f s</code>: maps <code>f</code> over each character of <code>s</code>
+from left to right, appending and flattening the result</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-c1">(</span><span class="pl-en">deprecated</span> <span class="pl-s"><span class="pl-pds">"</span>FStar.String.collect can be defined using list_of_string and List.collect<span class="pl-pds">"</span></span><span class="pl-c1">)]</span>
+<span class="pl-k">val</span> <span class="pl-en">collect</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">char</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.All.</span><span class="pl-c1">ML</span> <span class="pl-c1">string)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.All.</span><span class="pl-c1">ML</span> <span class="pl-c1">string</span></pre></div>
+<blockquote>
+<p><code>substring s i len</code>
+A partial variant of <code>sub s i len</code> without bounds checks.
+May fail with index out of bounds</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">substring</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Ex</span> <span class="pl-c1">string</span></pre></div>
+<blockquote>
+<p><code>get s i</code>: Similar to <code>index</code> except it may fail
+if <code>i</code> is out of bounds</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">get</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Ex</span> <span class="pl-en">char</span></pre></div>
+<blockquote>
+<p>Some lemmas (admitted for now as we don't have a model)</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">concat_length</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-c1">string):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">^</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">s1</span> <span class="pl-c1">+</span> <span class="pl-en">length</span> <span class="pl-en">s2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">list_of_concat</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">:</span> <span class="pl-c1">string):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">list_of_string</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">^</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">list_of_string</span> <span class="pl-en">s1</span> @ <span class="pl-en">list_of_string</span> <span class="pl-en">s2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">index_string_of_list</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">char</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-smi">List.Tot.</span><span class="pl-en">length</span> <span class="pl-en">l</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span></pre></div>
+<p>*) list_of_string_of_list l; // necessary to get equality between the lengt</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">string_of_list</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-smi">List.Tot.</span><span class="pl-en">index</span> <span class="pl-en">l</span> <span class="pl-en">i</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">index_list_of_string</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:string)</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">:</span> <span class="pl-c1">nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">})</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">list_of_string</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-en">index</span> <span class="pl-en">s</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">index_string_of_list</span> <span class="pl-c1">(</span><span class="pl-en">list_of_string</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">;</span>
+  <span class="pl-en">string_of_list_of_string</span> <span class="pl-en">s</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.StrongExcludedMiddle.html b/docs/FStar.StrongExcludedMiddle.html
index b10d2dc..8d62bd7 100644
--- a/docs/FStar.StrongExcludedMiddle.html
+++ b/docs/FStar.StrongExcludedMiddle.html
@@ -1,16 +1,15 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.StrongExcludedMiddle</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.strongexcludedmiddle">module FStar.StrongExcludedMiddle</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarstrongexcludedmiddle" class="anchor" href="#fstarstrongexcludedmiddle" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.StrongExcludedMiddle</h1>
+<p>WARNING: this breaks parametricity; use with care</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">strong_excluded_middle</span> <span class="pl-c1">:</span> <span class="pl-en">p</span><span class="pl-c1">:Type0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:bool{</span><span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">})</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.TSet.html b/docs/FStar.TSet.html
index 79487cc..f4e897a 100644
--- a/docs/FStar.TSet.html
+++ b/docs/FStar.TSet.html
@@ -1,16 +1,100 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.TSet</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tset">module FStar.TSet</h1>
-<p>fsdoc: no-summary-found</p>
+<h1>
+<a id="user-content-fstartset" class="anchor" href="#fstartset" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.TSet</h1>
 <p>Propositional sets (on any types): membership is a predicate</p>
+<ul>
+<li>Aliases module <a href="FStar.PropositionalExtensionality.html"> FStar.PropositionalExtensionality</a> as <code>P </code>
+</li>
+<li>Aliases module <a href="FStar.FunctionalExtensionality.html"> FStar.FunctionalExtensionality</a> as <code>F </code>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--initial_fuel 0 --max_fuel 0 --initial_ifuel 0 --max_ifuel 0</span>"</pre></div>
+<ul>
+<li>AR: mark it must_erase_for_extraction temporarily until CMI comes in</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">must_erase_for_extraction</span><span class="pl-c1">]</span>
+<span class="pl-k">val</span> <span class="pl-en">set</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#(</span><span class="pl-en">max</span> <span class="pl-c1">1</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">equal</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<p>destructors</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem</span> <span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0</span></pre></div>
+<p>constructors</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">empty</span>      <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">singleton</span>  <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">union</span>      <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">intersect</span>  <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">complement</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<p>ops</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">subset</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span> <span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span></pre></div>
+<p>Properties</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_empty</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(~</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">empty</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">empty</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_singleton</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">singleton</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">==</span><span class="pl-en">y</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">singleton</span> <span class="pl-en">x</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_union</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">\/</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">union</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_intersect</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">intersect</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">/\</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">intersect</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_complement</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">complement</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">~(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">complement</span> <span class="pl-en">s</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mem_subset</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">subset</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">subset</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">subset_mem</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">subset</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+   <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+   <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">subset</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<p>extensionality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_equal_intro</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span>  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s1</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_equal_elim</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_equal_refl</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">==</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tset_of_set</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mem_tset_of_set</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">tset_of_set</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">tset_of_set</span> <span class="pl-en">s</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">filter</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mem_filter</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0))</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">filter</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span> <span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">filter</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mem_map</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span><span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-en">s</span><span class="pl-c1">)}</span> <span class="pl-en">mem</span> <span class="pl-en">y</span> <span class="pl-en">s</span> <span class="pl-c1">/\</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">f</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+         <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">mem</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">s</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">as_set'</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">set</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">empty</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">union</span> <span class="pl-c1">(</span><span class="pl-en">singleton</span> <span class="pl-en">hd</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">as_set'</span> <span class="pl-en">tl</span><span class="pl-c1">)</span></pre></div>
+<p>unfold let as_set (#a:Type) (l:list a) : set a =</p>
+<p>Prims.norm <code>zeta; iota; delta_only </code>"FStar.TSet.as_set'"`` (as_set' l)</p>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.Arith.html b/docs/FStar.Tactics.Arith.html
index 6dbeaad..469f35c 100644
--- a/docs/FStar.Tactics.Arith.html
+++ b/docs/FStar.Tactics.Arith.html
@@ -1,16 +1,51 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.Arith</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.arith">module FStar.Tactics.Arith</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartacticsarith" class="anchor" href="#fstartacticsarith" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.Arith</h1>
+<ul>
+<li>Opens module <a href="FStar.Tactics.html">FStar.Tactics</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Formula.html">FStar.Reflection.Formula</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Arith.html">FStar.Reflection.Arith</a>
+</li>
+</ul>
+<p>decide if the current goal is arith, drop the built representation of it</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_arith_goal</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">run_tm</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_prop</span> <span class="pl-en">g</span><span class="pl-c1">)</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Inr</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">split_arith</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">split_arith</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span>
+    <span class="pl-k">if</span> <span class="pl-en">is_arith_goal</span> <span class="pl-c1">()</span> <span class="pl-k">then</span>
+        <span class="pl-k">begin</span>
+        <span class="pl-en">prune</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+        <span class="pl-en">addns</span> <span class="pl-s"><span class="pl-pds">"</span>Prims<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+        <span class="pl-en">smt</span> <span class="pl-c1">()</span>
+        <span class="pl-k">end</span>
+    <span class="pl-k">else</span> <span class="pl-k">begin</span>
+        <span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+        <span class="pl-k">match</span> <span class="pl-en">term_as_formula</span> <span class="pl-en">g</span> <span class="pl-k">with</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">True_</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-en">trivial</span> <span class="pl-c1">()</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">And</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-en">seq</span> <span class="pl-smi">FStar.Tactics.</span><span class="pl-en">split</span> <span class="pl-en">split_arith</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">Implies</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">implies_intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+            <span class="pl-en">seq</span> <span class="pl-en">split_arith</span> <span class="pl-en">l_revert</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">Forall</span> <span class="pl-en">x</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-k">let</span> <span class="pl-en">bs</span> <span class="pl-c1">=</span> <span class="pl-en">forall_intros</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+            <span class="pl-en">seq</span> <span class="pl-en">split_arith</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l_revert_all</span> <span class="pl-en">bs</span><span class="pl-c1">)</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-c1">()</span>
+    <span class="pl-k">end</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.BV.html b/docs/FStar.Tactics.BV.html
index 605eb6b..e6ac77a 100644
--- a/docs/FStar.Tactics.BV.html
+++ b/docs/FStar.Tactics.BV.html
@@ -1,16 +1,188 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.BV</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.bv">module FStar.Tactics.BV</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartacticsbv" class="anchor" href="#fstartacticsbv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.BV</h1>
+<ul>
+<li>Opens module <a href="FStar.Tactics.html">FStar.Tactics</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Formula.html">FStar.Reflection.Formula</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Arith.html">FStar.Reflection.Arith</a>
+</li>
+<li>Opens module <a href="FStar.BV.html">FStar.BV</a>
+</li>
+<li>Opens module <a href="FStar.UInt.html">FStar.UInt</a>
+</li>
+</ul>
+<p>using uint_t' instead of uint_t breaks the tactic (goes to inl).</p>
+<p>Congruence lemmas</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cong_bvand</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                   <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                   <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">w</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                   <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">bvand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">w</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">bvand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">cong_bvand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-en">pf1</span> <span class="pl-en">pf2</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cong_bvxor</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                   <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                   <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">w</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                   <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">bvxor</span> <span class="pl-en">w</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">bvxor</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">cong_bvxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-en">pf1</span> <span class="pl-en">pf2</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cong_bvor</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                   <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                   <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">w</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                   <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">bvor</span> <span class="pl-en">w</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">bvor</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">cong_bvor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-en">pf1</span> <span class="pl-en">pf2</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cong_bvshl</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                 <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">w</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                 <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">bvshl</span> <span class="pl-en">w</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">bvshl</span> <span class="pl-en">y</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">cong_bvshl</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-en">pf</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cong_bvshr</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+               <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">w</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+               <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">bvshr</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">w</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">bvshr</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">y</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">cong_bvshr</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-en">pf</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cong_bvdiv</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">x</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">-&gt;</span>
+              <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">w</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+               <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">bvdiv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">w</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">bvdiv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">y</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">cong_bvdiv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-en">pf</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cong_bvmod</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">x</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">-&gt;</span>
+              <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">w</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+               <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">bvmod</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">w</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">bvmod</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">y</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">cong_bvmod</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-en">pf</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cong_bvmul</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+              <span class="pl-c1">#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">w</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+               <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">bvmul</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">w</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">bvmul</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">y</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">cong_bvmul</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-en">pf</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cong_bvadd</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+              <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+              <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">w</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+              <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">bvadd</span> <span class="pl-en">w</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">bvadd</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">cong_bvadd</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-en">pf1</span> <span class="pl-en">pf2</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">cong_bvsub</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+              <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+              <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">w</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+              <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">bvsub</span> <span class="pl-en">w</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">bvsub</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">cong_bvsub</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-en">pf1</span> <span class="pl-en">pf2</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Used to reduce the initial equation to an equation on bitvectors</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">eq_to_bv</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+              <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">eq_to_bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-en">pf</span> <span class="pl-c1">=</span> <span class="pl-en">int2bv_lemma_2</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">y</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lt_to_bv</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+              <span class="pl-c1">(</span><span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-en">bvult</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">y</span><span class="pl-c1">)))</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> &lt; <span class="pl-en">y</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lt_to_bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-en">pf</span> <span class="pl-c1">=</span> <span class="pl-en">int2bv_lemma_ult_2</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">y</span></pre></div>
+<p>Creates two fresh variables and two equations of the form int2bv
+x = z /\ int2bv y = w. The above lemmas transform these two
+equations before finally instantiating them through reflexivity,
+leaving Z3 to solve z = w</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">trans</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+          <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">w</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-en">w</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+          <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">trans</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-en">pf1</span> <span class="pl-en">pf2</span> <span class="pl-en">pf3</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">trans_lt</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+          <span class="pl-c1">(</span><span class="pl-en">eq2</span> <span class="pl-c1">#(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">eq2</span> <span class="pl-c1">#(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">y</span> <span class="pl-en">w</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">bvult</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">z</span> <span class="pl-en">w</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+          <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">bvult</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">trans_lt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-en">pf1</span> <span class="pl-en">pf2</span> <span class="pl-en">pf3</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">trans_lt2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+          <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">int2bv</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">w</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-en">bvult</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">z</span> <span class="pl-en">w</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+          <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> &lt; <span class="pl-en">y</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">trans_lt2</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-en">pf1</span> <span class="pl-en">pf2</span> <span class="pl-en">pf3</span> <span class="pl-c1">=</span> <span class="pl-en">int2bv_lemma_ult_2</span> <span class="pl-en">x</span> <span class="pl-en">y</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">arith_expr_to_bv</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:</span><span class="pl-en">expr</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">e</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">NatToBv</span> <span class="pl-c1">(</span><span class="pl-c1">MulMod</span> <span class="pl-en">e1</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">|</span> <span class="pl-c1">MulMod</span> <span class="pl-en">e1</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">int2bv_mul</span><span class="pl-c1">);</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_bvmul</span><span class="pl-c1">);</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e1</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">NatToBv</span> <span class="pl-c1">(</span><span class="pl-c1">Umod</span> <span class="pl-en">e1</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">|</span> <span class="pl-c1">Umod</span> <span class="pl-en">e1</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">int2bv_mod</span><span class="pl-c1">);</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_bvmod</span><span class="pl-c1">);</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e1</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">NatToBv</span> <span class="pl-c1">(</span><span class="pl-c1">Udiv</span> <span class="pl-en">e1</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">|</span> <span class="pl-c1">Udiv</span> <span class="pl-en">e1</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">int2bv_div</span><span class="pl-c1">);</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_bvdiv</span><span class="pl-c1">);</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e1</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">NatToBv</span> <span class="pl-c1">(</span><span class="pl-c1">Shl</span> <span class="pl-en">e1</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">|</span> <span class="pl-c1">Shl</span> <span class="pl-en">e1</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">int2bv_shl</span><span class="pl-c1">);</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_bvshl</span><span class="pl-c1">);</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e1</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">NatToBv</span> <span class="pl-c1">(</span><span class="pl-c1">Shr</span> <span class="pl-en">e1</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">|</span> <span class="pl-c1">Shr</span> <span class="pl-en">e1</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">int2bv_shr</span><span class="pl-c1">);</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_bvshr</span><span class="pl-c1">);</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e1</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">NatToBv</span> <span class="pl-c1">(</span><span class="pl-c1">Land</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span> <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-c1">Land</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">int2bv_logand</span><span class="pl-c1">);</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_bvand</span><span class="pl-c1">);</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e1</span><span class="pl-c1">;</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e2</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">NatToBv</span> <span class="pl-c1">(</span><span class="pl-c1">Lxor</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span> <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-c1">Lxor</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">int2bv_logxor</span><span class="pl-c1">);</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_bvxor</span><span class="pl-c1">);</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e1</span><span class="pl-c1">;</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e2</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">NatToBv</span> <span class="pl-c1">(</span><span class="pl-c1">Lor</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span> <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-c1">Lor</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">int2bv_logor</span><span class="pl-c1">);</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_bvor</span><span class="pl-c1">);</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e1</span><span class="pl-c1">;</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e2</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">NatToBv</span> <span class="pl-c1">(</span><span class="pl-c1">Ladd</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span> <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-c1">Ladd</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">int2bv_add</span><span class="pl-c1">);</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_bvadd</span><span class="pl-c1">);</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e1</span><span class="pl-c1">;</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e2</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">NatToBv</span> <span class="pl-c1">(</span><span class="pl-c1">Lsub</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span> <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-c1">Lsub</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">int2bv_sub</span><span class="pl-c1">);</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_bvsub</span><span class="pl-c1">);</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e1</span><span class="pl-c1">;</span>
+        <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e2</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">trefl</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">arith_to_bv_tac</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">delta_only</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>FStar.BV.bvult<span class="pl-pds">"</span></span><span class="pl-c1">]];</span>
+    <span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-en">term_as_formula</span> <span class="pl-en">g</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span>
+     <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">run_tm</span> <span class="pl-c1">(</span><span class="pl-en">as_arith_expr</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Inl</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span>
+          <span class="pl-en">dump</span> <span class="pl-en">s</span><span class="pl-c1">;</span>
+          <span class="pl-en">trefl</span> <span class="pl-c1">()</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Inr</span> <span class="pl-en">e</span> <span class="pl-c1">-&gt;</span></pre></div>
+<p>dump "inr arith_to_bv";</p>
+<div class="highlight highlight-source-fstar"><pre>            <span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">arith_expr_to_bv</span> <span class="pl-en">e</span><span class="pl-c1">)</span> <span class="pl-en">trefl</span>
+        <span class="pl-en">end</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">fail</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>arith_to_bv_tac: unexpected: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">g</span><span class="pl-c1">)</span>
+<span class="pl-c1">)</span></pre></div>
+<p>As things are right now, we need to be able to parse NatToBv
+too. This can be useful, if we have mixed expressions so I'll leave it
+as is for now</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">bv_tac</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span> <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">mapply</span> <span class="pl-c1">(`</span><span class="pl-en">eq_to_bv</span><span class="pl-c1">);</span>
+  <span class="pl-en">mapply</span> <span class="pl-c1">(`</span><span class="pl-en">trans</span><span class="pl-c1">);</span>
+  <span class="pl-en">arith_to_bv_tac</span> <span class="pl-c1">();</span>
+  <span class="pl-en">arith_to_bv_tac</span> <span class="pl-c1">();</span>
+  <span class="pl-en">set_options</span> <span class="pl-s"><span class="pl-pds">"</span>--smtencoding.elim_box true<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+  <span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">delta</span><span class="pl-c1">]</span> <span class="pl-c1">;</span>
+  <span class="pl-en">smt</span> <span class="pl-c1">()</span>
+<span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">bv_tac_lt</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-k">let</span> <span class="pl-en">nn</span> <span class="pl-c1">=</span> <span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Const</span> <span class="pl-c1">(</span><span class="pl-c1">C_Int</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">t</span> <span class="pl-c1">=</span> <span class="pl-en">mk_app</span> <span class="pl-c1">(`</span><span class="pl-en">trans_lt2</span><span class="pl-c1">)</span> <span class="pl-c1">[(</span><span class="pl-en">nn</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">)]</span> <span class="pl-k">in</span>
+  <span class="pl-en">apply_lemma</span> <span class="pl-en">t</span><span class="pl-c1">;</span>
+  <span class="pl-en">arith_to_bv_tac</span> <span class="pl-c1">();</span>
+  <span class="pl-en">arith_to_bv_tac</span> <span class="pl-c1">();</span>
+  <span class="pl-en">set_options</span> <span class="pl-s"><span class="pl-pds">"</span>--smtencoding.elim_box true<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+  <span class="pl-en">smt</span> <span class="pl-c1">()</span>
+<span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">to_bv_tac</span> <span class="pl-c1">()</span>  <span class="pl-c1">=</span> <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">eq_to_bv</span><span class="pl-c1">);</span>
+  <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">trans</span><span class="pl-c1">);</span>
+  <span class="pl-en">arith_to_bv_tac</span> <span class="pl-c1">();</span>
+  <span class="pl-en">arith_to_bv_tac</span> <span class="pl-c1">()</span>
+<span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.Builtins.html b/docs/FStar.Tactics.Builtins.html
index 11f1772..06d34ab 100644
--- a/docs/FStar.Tactics.Builtins.html
+++ b/docs/FStar.Tactics.Builtins.html
@@ -1,170 +1,420 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.Builtins</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.builtins">module FStar.Tactics.Builtins</h1>
-<p>Tactic primitives</p>
-<p>Every tactic primitive, i.e., those built into the compiler</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> top_env:Unidentified product: [<span class="dt">unit</span>] (Tac env)</code></pre></div>
-<p>[top_env] returns the environment where the tactic started running. * This works even if no goals are present.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> push_binder:Unidentified product: [env] Unidentified product: [binder] env</code></pre></div>
-<p>[push_binder] extends the environment with a single binder. This is useful as one traverses the syntax of a term, pushing binders as one traverses a binder in a lambda, match, etc. Note, the environment here is disconnected to (though perhaps derived from) the environment in the proofstate</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> fresh:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">int</span>)</code></pre></div>
-<p>[fresh ()] returns a fresh integer. It does not get reset when catching a failure.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> refine_intro:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>[refine_intro] will turn a goal of shape [w : x:t{phi}] into [w : t] and [phi{w/x}]</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> tc:Unidentified product: [env] Unidentified product: [term] (Tac term)</code></pre></div>
-<p>[tc] returns the type of a term in [env], or fails if it is untypeable.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> tcc:Unidentified product: [env] Unidentified product: [term] (Tac comp)</code></pre></div>
-<p>[tcc] like [tc], but returns the full computation type with the effect label and its arguments (WPs, etc) as well</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> unshelve:Unidentified product: [term] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>[unshelve] creates a goal from a term for its given type. It can be used when the system decided not to present a goal, but you want one anyway. For example, if you request a uvar through [uvar_env] or [fresh_uvar], you might want to instantiate it explicitly.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> unquote:Unidentified product: [#a:Type] Unidentified product: [term] (Tac a)</code></pre></div>
-<p>[unquote t] with turn a quoted term [t] into an actual value, of any type. This will fail at tactic runtime if the quoted term does not typecheck to type [a].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> catch:Unidentified product: [#a:Type] Unidentified product: [(Unidentified product: [<span class="dt">unit</span>] (Tac a))] (TacS (either exn a))</code></pre></div>
-<p>[catch t] will attempt to run [t] and allow to recover from a failure. If [t] succeeds with return value [a], [catch t] returns [Inr a]. On failure, it returns [Inl msg], where [msg] is the error [t] raised. See also [or_else].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> trivial:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>[trivial] will discharge the goal if it's exactly [True] after doing normalization and simplification of it.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> norm:Unidentified product: [list norm_step] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>[norm steps] will call the normalizer on the current goal's type and witness, with its reduction behaviour parameterized by the flags in [steps]. Currently, the flags (provided in Prims) are [simpl] (do logical simplifications) [whnf] (only reduce until weak head-normal-form) [primops] (performing primitive reductions, such as arithmetic and string operations) [delta] (unfold names) [zeta] (inline let bindings) [iota] (reduce match statements over constructors) [delta_only] (restrict delta to only unfold this list of fully-qualfied identifiers)</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> norm_term_env:Unidentified product: [env] Unidentified product: [list norm_step] Unidentified product: [term] (Tac term)</code></pre></div>
-<p>[norm_term_env e steps t] will call the normalizer on the term [t] using the list of steps [steps], over environment [e]. The list has the same meaning as for [norm].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> norm_binder_type:Unidentified product: [list norm_step] Unidentified product: [binder] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>[norm_binder_type steps b] will call the normalizer on the type of the [b] binder for the current goal. Notably, this cannot be done via binder_retype and norm, because of uvars being resolved to lambda-abstractions.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> intro:Unidentified product: [<span class="dt">unit</span>] (Tac binder)</code></pre></div>
-<p>[intro] pushes the first argument of an arrow goal into the environment, turning [Gamma |- ?u : x:a -&gt; b] into [Gamma, x:a |- ?u' : b]. Note that this does not work for logical implications/forall. See FStar.Tactics.Logic for that.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> intro_rec:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="co">(*(binder, binder)))</span></code></pre></div>
-<p>Similar to intros, but allows to build a recursive function. Currently broken (c.f. issue #1103)</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> rename_to:Unidentified product: [binder] Unidentified product: [<span class="dt">string</span>] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>[rename_to b nm] will rename the binder [b] to [nm] in the environment, goal, and witness in a safe manner. The only use of this is to make goals and terms more user readable.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> revert:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>[revert] pushes out a binder from the environment into the goal type, so a behaviour opposite to [intros].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> binder_retype:Unidentified product: [binder] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>[binder_retype] changes the type of a binder in the context. After calling it with a binder of type <code>t</code>, the user is presented with a goal of the form <code>t == ?u</code> to be filled. The original goal (following that one) has the type of <code>b</code> in the context replaced by <code>?u</code>.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> clear_top:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>[clear_top] will drop the outermost binder from the environment. Can only be used if the goal does not at all depend on it.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> clear:Unidentified product: [binder] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>[clear] will drop the given binder from the context, is nothing depends on it.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> rewrite:Unidentified product: [binder] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>If [b] is a binder of type [v == r], [rewrite b] will rewrite the variable [v] for [r] everywhere in the current goal type and witness/</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> t_exact:Unidentified product: [<span class="dt">bool</span>] Unidentified product: [<span class="dt">bool</span>] Unidentified product: [term] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>First boolean is whether to attempt to intrpoduce a refinement before solving. In that case, a goal for the refinement formula will be added. Second boolean is whether to set the expected type internally. Just use <code>exact</code> from FStar.Tactics.Derived if you don't know what's up with all this.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> t_apply:Unidentified product: [<span class="dt">bool</span>] Unidentified product: [<span class="dt">bool</span>] Unidentified product: [term] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>Inner primitive for [apply], takes a boolean specifying whether to not ask for implicits that appear free in posterior goals. Example: when the boolean is true, applying transitivity to [|- a = c] will give two goals, [|- a = ?u] and [|- ?u = c] without asking to instantiate [?u] since it will most likely be constrained later by solving these goals. In any case, we track [?u] and will fail if it's not solved later.</p>
-<p>You probably want [apply] from FStar.Tactics.Derived.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> apply_lemma:Unidentified product: [term] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>[apply_lemma l] will solve a goal of type [squash phi] when [l] is a Lemma ensuring [phi]. The arguments to [l] and its requires clause are introduced as new goals. As a small optimization, [unit] arguments are discharged by the engine.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> print:Unidentified product: [<span class="dt">string</span>] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>[print str] has no effect on the proofstate, but will have the side effect of printing [str] on the compiler's standard output.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> debugging:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">bool</span>)</code></pre></div>
-<p>[debugging ()] returns true if the current module has the debug flag on, i.e. when [--debug MyModule --debug_level Tac] was passed in.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> dump:Unidentified product: [<span class="dt">string</span>] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>Similar to [print], but will dump a text representation of the proofstate along with the message.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> trefl:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>Solves a goal [Gamma |= squash (l == r)] by attempting to unify [l] with [r]. This currently only exists because of some universe problems when trying to [apply] a reflexivity lemma.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> t_pointwise:Unidentified product: [direction] Unidentified product: [(Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">unit</span>))] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>(TODO: explain bettter) When running [pointwise tau] For every subterm [t'] of the goal's type [t], the engine will build a goal [Gamma |= t' == ?u] and run [tau] on it. When the tactic proves the goal, the engine will rewrite [t'] for [?u] in the original goal type. This is done for every subterm, bottom-up. This allows to recurse over an unknown goal type. By inspecting the goal, the [tau] can then decide what to do (to not do anything, use [trefl]).</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> topdown_rewrite:Unidentified product: [(Unidentified product: [ctrl:term] (Tac <span class="co">(*(bool, int))))] Unidentified product: [(Unidentified product: [rw:unit] (Tac unit))] (Tac unit)</span></code></pre></div>
-<p>[topdown_rewrite ctrl rw] is used to rewrite those sub-terms [t] of the goal on which [fst (ctrl t)] returns true.</p>
-<pre><code>On each such sub-term, [rw] is presented with an equality of goal
-of the form [Gamma |= t == ?u]. When [rw] proves the goal,
-the engine will rewrite [t] for [?u] in the original goal
-type.
-
-The goal formula is traversed top-down and the traversal can be
-controlled by [snd (ctrl t)]:
-
-When [snd (ctrl t) = 0], the traversal continues down through the
-position in the goal term.
-
-When [snd (ctrl t) = 1], the traversal continues to the next
-sub-tree of the goal.
-
-When [snd (ctrl t) = 2], no more rewrites are performed in the
-goal.</code></pre>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> dup:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>Given the current goal [Gamma |- w : t], [dup] will turn this goal into [Gamma |- ?u : t] and [Gamma |= ?u == w]. It can thus be used to change a goal's witness in any way needed, by choosing some [?u] (possibly with exact) and then solving the other goal.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> prune:Unidentified product: [<span class="dt">string</span>] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>[prune &quot;A.B.C&quot;] will mark all top-level definitions in module [A.B.C] (and submodules of it) to not be encoded to the SMT, for the current goal. The string is a namespace prefix. [prune &quot;&quot;] will prune everything, but note that [prune &quot;FStar.S&quot;] will not prune [&quot;FStar.Set&quot;].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> addns:Unidentified product: [<span class="dt">string</span>] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>The opposite operation of [prune]. The latest one takes precedence.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> t_destruct:Unidentified product: [term] (Tac (list <span class="co">(*(fv, nat))))</span></code></pre></div>
-<p>Destruct a value of an inductive type by matching on it. The generated match has one branch for each constructor and is therefore trivially exhaustive, no VC is generated for that purpose. It returns a list with the fvars of each constructor and their arities, in the order they appear as goals.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> set_options:Unidentified product: [<span class="dt">string</span>] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>Set command line options for the current goal. Mostly useful to change SMT encoding options such as [set_options &quot;--z3rlimit 20&quot;].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> uvar_env:Unidentified product: [env] Unidentified product: [<span class="dt">option</span> typ] (Tac term)</code></pre></div>
-<p>Creates a new, unconstrained unification variable in environment [env]. The type of the uvar can optionally be provided in [o]. If not provided, a second uvar is created for the type.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> unify_env:Unidentified product: [env] Unidentified product: [term] Unidentified product: [term] (Tac <span class="dt">bool</span>)</code></pre></div>
-<p>Call the unifier on two terms. The returned boolean specifies whether unification was possible. When the tactic returns true, the terms have been unified, instantiating uvars as needed. When false, unification was not possible and no change to uvars occurs.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> launch_process:Unidentified product: [<span class="dt">string</span>] Unidentified product: [list <span class="dt">string</span>] Unidentified product: [<span class="dt">string</span>] (Tac <span class="dt">string</span>)</code></pre></div>
-<p>Launches an external process [prog] with arguments [args] and input [input] and returns the output. For security reasons, this can only be performed when the <code>--unsafe_tactic_exec</code> options was provided for the current F* invocation. The tactic will fail if this is not so.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> fresh_bv_named:Unidentified product: [<span class="dt">string</span>] Unidentified product: [typ] (Tac bv)</code></pre></div>
-<p>Get a fresh bv of some name and type. The name is only useful for pretty-printing, since there is a fresh unaccessible integer within the bv too.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> change:Unidentified product: [typ] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>Change the goal to another type, given that it is convertible to the current type.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> get_guard_policy:Unidentified product: [<span class="dt">unit</span>] (Tac guard_policy)</code></pre></div>
-<p>Get the current guard policy. The guard policy specifies what should be done when a VC arises internally from the tactic engine. Options are SMT (mark it as an SMT goal), Goal (add it as an extra goal) and Force (only allow trivial guards, that need no SMT.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> set_guard_policy:Unidentified product: [guard_policy] (Tac <span class="dt">unit</span>)</code></pre></div>
+<h1>
+<a id="user-content-fstartacticsbuiltins" class="anchor" href="#fstartacticsbuiltins" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.Builtins</h1>
+<p>Every tactic primitive, i.e., those built into the compiler
+@summary Tactic primitives</p>
+<ul>
+<li>Opens module <a href="FStar.Tactics.Effect.html">FStar.Tactics.Effect</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Types.html">FStar.Reflection.Types</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Data.html">FStar.Reflection.Data</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Types.html">FStar.Tactics.Types</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Result.html">FStar.Tactics.Result</a>
+</li>
+</ul>
+<h4>
+<a id="user-content-top_env" class="anchor" href="#top_env" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>top_env</h4>
+<p><a href="#top_env"><code>top_env</code></a> returns the environment where the tactic started running.</p>
+<ul>
+<li>This works even if no goals are present.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">top_env</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">env</span></pre></div>
+<h4>
+<a id="user-content-fresh" class="anchor" href="#fresh" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>fresh</h4>
+<p><code>fresh ()</code> returns a fresh integer. It does not get reset when
+catching a failure.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fresh</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">int</span></pre></div>
+<h4>
+<a id="user-content-refine_intro" class="anchor" href="#refine_intro" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>refine_intro</h4>
+<p><a href="#refine_intro"><code>refine_intro</code></a> will turn a goal of shape <code>w : x:t{phi}</code>
+into <code>w : t</code> and <code>phi{w/x}</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">refine_intro</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-tc" class="anchor" href="#tc" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tc</h4>
+<p><a href="#tc"><code>tc</code></a> returns the type of a term in <code>env</code>,
+or fails if it is untypeable.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tc</span> <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span></pre></div>
+<h4>
+<a id="user-content-tcc" class="anchor" href="#tcc" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tcc</h4>
+<p><a href="#tcc"><code>tcc</code></a> like <a href="#tc"><code>tc</code></a>, but returns the full computation type
+with the effect label and its arguments (WPs, etc) as well</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tcc</span> <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">comp</span></pre></div>
+<h4>
+<a id="user-content-unshelve" class="anchor" href="#unshelve" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>unshelve</h4>
+<p><a href="#unshelve"><code>unshelve</code></a> creates a goal from a term for its given type.
+It can be used when the system decided not to present a goal, but
+you want one anyway. For example, if you request a uvar through
+<a href="#uvar_env"><code>uvar_env</code></a> or <code>fresh_uvar</code>, you might want to instantiate it
+explicitly.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unshelve</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-unquote" class="anchor" href="#unquote" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>unquote</h4>
+<p><code>unquote t</code> with turn a quoted term <code>t</code> into an actual value, of
+any type. This will fail at tactic runtime if the quoted term does not
+typecheck to type <code>a</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unquote</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span></pre></div>
+<h4>
+<a id="user-content-catch" class="anchor" href="#catch" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>catch</h4>
+<p><code>catch t</code> will attempt to run <code>t</code> and allow to recover from a
+failure. If <code>t</code> succeeds with return value <code>a</code>, <code>catch t</code> returns <code>Inr a</code>. On failure, it returns <code>Inl msg</code>, where <code>msg</code> is the error <code>t</code>
+raised, and all unionfind effects are reverted. See also <a href="#recover"><code>recover</code></a> and
+<code>or_else</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">catch</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">TacS</span> <span class="pl-c1">(</span><span class="pl-en">either</span> <span class="pl-en">exn</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-recover" class="anchor" href="#recover" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>recover</h4>
+<p>Like <code>catch t</code>, but will not discard unionfind effects on failure.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">recover</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">TacS</span> <span class="pl-c1">(</span><span class="pl-en">either</span> <span class="pl-en">exn</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-norm" class="anchor" href="#norm" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>norm</h4>
+<p><code>norm steps</code> will call the normalizer on the current goal's
+type and witness, with its reduction behaviour parameterized
+by the flags in <code>steps</code>.
+Currently, the flags (provided in Prims) are
+<code>simpl</code> (do logical simplifications)
+<code>whnf</code> (only reduce until weak head-normal-form)
+<code>primops</code> (performing primitive reductions, such as arithmetic and
+string operations)
+<code>delta</code> (unfold names)
+<code>zeta</code> (unroll let rec bindings, but with heuristics to avoid loops)
+<code>zeta_full</code> (unroll let rec bindings fully)
+<code>iota</code> (reduce match statements over constructors)
+<code>delta_only</code> (restrict delta to only unfold this list of fully-qualfied identifiers)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">norm</span>  <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">norm_step</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-norm_term_env" class="anchor" href="#norm_term_env" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>norm_term_env</h4>
+<p><code>norm_term_env e steps t</code> will call the normalizer on the term <code>t</code>
+using the list of steps <code>steps</code>, over environment <code>e</code>. The list has the same meaning as for <a href="#norm"><code>norm</code></a>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">norm_term_env</span>  <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">norm_step</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span></pre></div>
+<h4>
+<a id="user-content-norm_binder_type" class="anchor" href="#norm_binder_type" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>norm_binder_type</h4>
+<p><code>norm_binder_type steps b</code> will call the normalizer on the type of the <code>b</code>
+binder for the current goal. Notably, this cannot be done via binder_retype and norm,
+because of uvars being resolved to lambda-abstractions.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">norm_binder_type</span>  <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">norm_step</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">binder</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-intro" class="anchor" href="#intro" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>intro</h4>
+<p><a href="#intro"><code>intro</code></a> pushes the first argument of an arrow goal into the
+environment, turning <code>Gamma |- ?u : x:a -&gt; b</code> into <code>Gamma, x:a |- ?u' : b</code>.
+Note that this does not work for logical implications/forall. See
+FStar.Tactics.Logic for that.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">intro</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span></pre></div>
+<h4>
+<a id="user-content-intro_rec" class="anchor" href="#intro_rec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>intro_rec</h4>
+<p>Similar to intros, but allows to build a recursive function.
+Currently broken (c.f. issue #1103)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">intro_rec</span>  <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">binder</span> * <span class="pl-en">binder</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-rename_to" class="anchor" href="#rename_to" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>rename_to</h4>
+<p><code>rename_to b nm</code> will rename the binder <code>b</code> to <code>nm</code> in
+the environment, goal, and witness in a safe manner. The only use of this
+is to make goals and terms more user readable. The primitive returns
+the new binder, since the old one disappears from the context.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rename_to</span>  <span class="pl-c1">:</span> <span class="pl-en">binder</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span></pre></div>
+<h4>
+<a id="user-content-revert" class="anchor" href="#revert" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>revert</h4>
+<p><a href="#revert"><code>revert</code></a> pushes out a binder from the environment into the goal type,
+so a behaviour opposite to <code>intros</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">revert</span>  <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-binder_retype" class="anchor" href="#binder_retype" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>binder_retype</h4>
+<p><a href="#binder_retype"><code>binder_retype</code></a> changes the type of a binder in the context. After calling it
+with a binder of type <code>t</code>, the user is presented with a goal of the form <code>t == ?u</code>
+to be filled. The original goal (following that one) has the type of <code>b</code> in the
+context replaced by <code>?u</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">binder_retype</span>  <span class="pl-c1">:</span> <span class="pl-en">binder</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-clear_top" class="anchor" href="#clear_top" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>clear_top</h4>
+<p><a href="#clear_top"><code>clear_top</code></a> will drop the outermost binder from the environment.
+Can only be used if the goal does not at all depend on it.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">clear_top</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-clear" class="anchor" href="#clear" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>clear</h4>
+<p><a href="#clear"><code>clear</code></a> will drop the given binder from the context, is
+nothing depends on it.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">clear</span> <span class="pl-c1">:</span> <span class="pl-en">binder</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-rewrite" class="anchor" href="#rewrite" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>rewrite</h4>
+<p>If <code>b</code> is a binder of type <code>v == r</code>, <code>rewrite b</code> will rewrite
+the variable <code>v</code> for <code>r</code> everywhere in the current goal type and witness/</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rewrite</span> <span class="pl-c1">:</span> <span class="pl-en">binder</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-t_exact" class="anchor" href="#t_exact" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>t_exact</h4>
+<p>First boolean is whether to attempt to intrpoduce a refinement
+before solving. In that case, a goal for the refinement formula will be
+added. Second boolean is whether to set the expected type internally.
+Just use <code>exact</code> from FStar.Tactics.Derived if you don't know what's up
+with all this.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">t_exact</span> <span class="pl-c1">:</span> <span class="pl-c1">bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-t_apply" class="anchor" href="#t_apply" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>t_apply</h4>
+<p>Inner primitive for <code>apply</code>, takes a boolean specifying whether
+to not ask for implicits that appear free in posterior goals, and a
+boolean specifying whether it's forbidden to instantiate uvars in the
+goal.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">t_apply</span> <span class="pl-c1">:</span> <span class="pl-en">uopt</span><span class="pl-c1">:bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">noinst</span><span class="pl-c1">:bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<p>Example: when <code>uopt</code> is true, applying transitivity to <code>|- a = c</code>
+will give two goals, <code>|- a = ?u</code> and <code>|- ?u = c</code> without asking to
+instantiate <code>?u</code> since it will most likely be constrained later by
+solving these goals. In any case, we track <code>?u</code> and will fail if it's
+not solved later.</p>
+<p>Example: when <code>noinst</code> is true, applying a function returning
+<code>1 = 2</code> will fail on a goal of the shape <code>1 = ?u</code> since it must
+instantiate <code>?u</code>. We use this in typeclass resolution.</p>
+<p>You may want <code>apply</code> from FStar.Tactics.Derived, or one of
+the other user facing variants.</p>
+<h4>
+<a id="user-content-t_apply_lemma" class="anchor" href="#t_apply_lemma" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>t_apply_lemma</h4>
+<p><code>t_apply_lemma ni nilhs l</code> will solve a goal of type <code>squash phi</code>
+when <code>l</code> is a Lemma ensuring <code>phi</code>. The arguments to <code>l</code> and its
+requires clause are introduced as new goals. As a small optimization,
+<code>unit</code> arguments are discharged by the engine. For the meanining of
+the <code>noinst</code> boolean arg see <a href="#t_apply"><code>t_apply</code></a>, briefly, it does not allow to
+instantiate uvars in the goal. The <code>noinst_lhs</code> flag is similar, it
+forbids instantiating uvars <em>but only on the LHS of the goal</em>, provided
+the goal is an equality. It is meant to be useful for rewrite-goals, of
+the shape <code>X = ?u</code>. Setting <code>noinst</code> means <code>noinst_lhs</code> is ignored.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">t_apply_lemma</span> <span class="pl-c1">:</span> <span class="pl-en">noinst</span><span class="pl-c1">:bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">noinst_lhs</span><span class="pl-c1">:bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<p>TODO: do the unit thing too for <code>apply</code>.</p>
+<h4>
+<a id="user-content-print" class="anchor" href="#print" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>print</h4>
+<p><code>print str</code> has no effect on the proofstate, but will have the side effect
+of printing <code>str</code> on the compiler's standard output.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">print</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-debugging" class="anchor" href="#debugging" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>debugging</h4>
+<p><code>debugging ()</code> returns true if the current module has the debug flag
+on, i.e. when <code>--debug MyModule --debug_level Tac</code> was passed in.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">debugging</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool</span></pre></div>
+<h4>
+<a id="user-content-dump" class="anchor" href="#dump" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>dump</h4>
+<p>Similar to <a href="#print"><code>print</code></a>, but will dump a text representation of the proofstate
+along with the message.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">dump</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-dump_all" class="anchor" href="#dump_all" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>dump_all</h4>
+<p>Similar to <a href="#dump"><code>dump</code></a>, but will print <em>every</em> unsolved implicit
+in the proofstate, not only the visible/focused goals. When the
+<code>print_resolved</code> boolean is true, it will also print every solved goal.
+Warning, these can be a <em>lot</em>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">dump_all</span> <span class="pl-c1">:</span> <span class="pl-en">print_resolved</span><span class="pl-c1">:bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-dump_uvars_of" class="anchor" href="#dump_uvars_of" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>dump_uvars_of</h4>
+<p>Will print a goal for every unresolved implicit in the provided goal.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">dump_uvars_of</span> <span class="pl-c1">:</span> <span class="pl-en">goal</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-t_trefl" class="anchor" href="#t_trefl" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>t_trefl</h4>
+<p>Solves a goal <code>Gamma |= squash (l == r)</code> by attempting to unify
+<code>l</code> with <code>r</code>. This currently only exists because of some universe
+problems when trying to <code>apply</code> a reflexivity lemma. When <code>allow_guards</code>
+is <code>true</code>, it is allowed that (some) guards are raised during the
+unification process and added as a single goal to be discharged later.
+Currently, the only guards allowed here are for equating refinement
+types (e.g. <code>x:int{x&gt;0}</code> and <code>x:int{0&lt;x}</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">t_trefl</span> <span class="pl-c1">:</span> <span class="pl-en">allow_guards</span><span class="pl-c1">:bool</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-t_commute_applied_match" class="anchor" href="#t_commute_applied_match" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>t_commute_applied_match</h4>
+<p>Provides a proof for the equality
+[(match e with ... | pi -&gt; ei ...) a1 .. an
+== (match e with ... | pi -&gt; e1 a1 .. an)].
+This is particularly useful to rewrite the expression on the left to the
+one on the right when the RHS is actually a unification variable.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">t_commute_applied_match</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-ctrl_rewrite" class="anchor" href="#ctrl_rewrite" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ctrl_rewrite</h4>
+<p><a href="#ctrl_rewrite"><code>ctrl_rewrite</code></a> will traverse the current goal, and call <code>ctrl</code></p>
+<ul>
+<li>repeatedly on subterms. When <code>ctrl t</code> returns <code>(true, _)</code>, the</li>
+<li>tactic will call <code>rw</code> with a goal of type <code>t = ?u</code>, which once</li>
+<li>solved will rewrite <code>t</code> to the solution of <code>?u</code>. No goal is</li>
+<li>made if <code>ctrl t</code> returns <code>(false, _)</code>.</li>
+<li>
+</li>
+<li>The second component of the return value of <code>ctrl</code> specifies</li>
+<li>whether for continue descending in the goal or not. It can</li>
+<li>either be:</li>
+<li>
+<ul>
+<li>Continue: keep on with further subterms</li>
+</ul>
+</li>
+<li>
+<ul>
+<li>Skip: stop descending in this tree</li>
+</ul>
+</li>
+<li>
+<ul>
+<li>Abort: stop everything</li>
+</ul>
+</li>
+<li>
+</li>
+<li>The first argument is the direction, <code>TopDown</code> or <code>BottomUp</code>. It</li>
+<li>specifies how the AST of the goal is traversed (preorder or postorder).</li>
+<li>
+</li>
+<li>Note: for <code>BottomUp</code> a <code>Skip</code> means to stop trying to rewrite everything</li>
+<li>from the current node up to the root, but still consider sibilings. This</li>
+<li>means that <code>ctrl_rewrite BottomUp (fun _ -&gt; (true, Skip)) t</code> will call <code>t</code>
+</li>
+<li>for every leaf node in the AST.</li>
+<li>
+</li>
+<li>See <code>pointwise</code> and <code>topdown_rewrite</code> for more friendly versions.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ctrl_rewrite</span> <span class="pl-c1">:</span>
+    <span class="pl-en">direction</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">ctrl</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(bool</span> <span class="pl-c1">&amp;</span> <span class="pl-en">ctrl_flag</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">rw</span><span class="pl-c1">:unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-dup" class="anchor" href="#dup" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>dup</h4>
+<p>Given the current goal <code>Gamma |- w : t</code>,
+<a href="#dup"><code>dup</code></a> will turn this goal into
+<code>Gamma |- ?u : t</code> and
+<code>Gamma |= ?u == w</code>. It can thus be used to change
+a goal's witness in any way needed, by choosing
+some <code>?u</code> (possibly with exact) and then solving the other goal.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">dup</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<p>Proof namespace management</p>
+<h4>
+<a id="user-content-prune" class="anchor" href="#prune" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>prune</h4>
+<p><code>prune "A.B.C"</code> will mark all top-level definitions in module
+<code>A.B.C</code> (and submodules of it) to not be encoded to the SMT, for the current goal.
+The string is a namespace prefix. <code>prune ""</code> will prune everything, but note
+that <code>prune "FStar.S"</code> will not prune <code>"FStar.Set"</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">prune</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-addns" class="anchor" href="#addns" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>addns</h4>
+<p>The opposite operation of <a href="#prune"><code>prune</code></a>. The latest one takes precedence.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">addns</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-t_destruct" class="anchor" href="#t_destruct" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>t_destruct</h4>
+<p>Destruct a value of an inductive type by matching on it. The generated
+match has one branch for each constructor and is therefore trivially
+exhaustive, no VC is generated for that purpose. It returns a list
+with the fvars of each constructor and their arities, in the order
+they appear as goals.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">t_destruct</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">fv</span> * <span class="pl-c1">nat))</span></pre></div>
+<h4>
+<a id="user-content-set_options" class="anchor" href="#set_options" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>set_options</h4>
+<p>Set command line options for the current goal. Mostly useful to
+change SMT encoding options such as <code>set_options "--z3rlimit 20"</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">set_options</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-uvar_env" class="anchor" href="#uvar_env" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>uvar_env</h4>
+<p>Creates a new, unconstrained unification variable in environment
+<code>env</code>. The type of the uvar can optionally be provided in <code>o</code>. If not
+provided, a second uvar is created for the type.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uvar_env</span> <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">option</span> <span class="pl-en">typ</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span></pre></div>
+<h4>
+<a id="user-content-unify_env" class="anchor" href="#unify_env" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>unify_env</h4>
+<p>Call the unifier on two terms. The returned boolean specifies
+whether unification was possible. When the tactic returns true, the
+terms have been unified, instantiating uvars as needed. When false,
+unification was not possible and no change to uvars occurs.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unify_env</span> <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t1</span><span class="pl-c1">:</span><span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t2</span><span class="pl-c1">:</span><span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool</span></pre></div>
+<h4>
+<a id="user-content-unify_guard_env" class="anchor" href="#unify_guard_env" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>unify_guard_env</h4>
+<p>Similar to <a href="#unify_env"><code>unify_env</code></a>, but allows for some guards to be raised
+during unification (see <a href="#t_trefl"><code>t_trefl</code></a> for an explanation). Will add a new
+goal with the guard.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unify_guard_env</span> <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t1</span><span class="pl-c1">:</span><span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t2</span><span class="pl-c1">:</span><span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool</span></pre></div>
+<h4>
+<a id="user-content-match_env" class="anchor" href="#match_env" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>match_env</h4>
+<p>Check if <code>t1</code> matches <code>t2</code>, i.e., whether <code>t2</code> can have its uvars
+instantiated into unifying with <code>t1</code>. When the tactic returns true, the
+terms have been unified, instantiating uvars as needed. When false,
+matching was not possible and no change to uvars occurs.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">match_env</span> <span class="pl-c1">:</span> <span class="pl-en">env</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t1</span><span class="pl-c1">:</span><span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t2</span><span class="pl-c1">:</span><span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool</span></pre></div>
+<h4>
+<a id="user-content-launch_process" class="anchor" href="#launch_process" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>launch_process</h4>
+<p>Launches an external process <code>prog</code> with arguments <code>args</code> and input
+<code>input</code> and returns the output. For security reasons, this can only be
+performed when the <code>--unsafe_tactic_exec</code> options was provided for the
+current F* invocation. The tactic will fail if this is not so.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">launch_process</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">string</span></pre></div>
+<h4>
+<a id="user-content-fresh_bv_named" class="anchor" href="#fresh_bv_named" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>fresh_bv_named</h4>
+<p>Get a fresh bv of some name and type. The name is only useful
+for pretty-printing, since there is a fresh unaccessible integer within
+the bv too.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fresh_bv_named</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">typ</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">bv</span></pre></div>
+<h4>
+<a id="user-content-change" class="anchor" href="#change" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>change</h4>
+<p>Change the goal to another type, given that it is convertible
+to the current type.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">change</span> <span class="pl-c1">:</span> <span class="pl-en">typ</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-get_guard_policy" class="anchor" href="#get_guard_policy" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>get_guard_policy</h4>
+<p>Get the current guard policy. The guard policy specifies what should
+be done when a VC arises internally from the tactic engine. Options
+are SMT (mark it as an SMT goal), Goal (add it as an extra goal)
+and Force (only allow trivial guards, that need no SMT.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">get_guard_policy</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">guard_policy</span></pre></div>
+<h4>
+<a id="user-content-set_guard_policy" class="anchor" href="#set_guard_policy" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>set_guard_policy</h4>
 <p>Set the current guard policy. See [get_guard_policy} for an explanation</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> lax_on:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">bool</span>)</code></pre></div>
-<p>[lax_on] returns true iff the current environment has the <code>--lax</code> option set, and thus drops all verification conditions.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> tadmit_t:Unidentified product: [term] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>Admit the current goal and set the witness to the given term. Absolutely unsafe. Raises a warning.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> inspect:Unidentified product: [term] (Tac term_view)</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">set_guard_policy</span> <span class="pl-c1">:</span> <span class="pl-en">guard_policy</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-lax_on" class="anchor" href="#lax_on" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lax_on</h4>
+<p><a href="#lax_on"><code>lax_on</code></a> returns true iff the current environment has the
+<code>--lax</code> option set, and thus drops all verification conditions.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lax_on</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool</span></pre></div>
+<h4>
+<a id="user-content-tadmit_t" class="anchor" href="#tadmit_t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>tadmit_t</h4>
+<p>Admit the current goal and set the witness to the given term.
+Absolutely unsafe. Raises a warning.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tadmit_t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-inspect" class="anchor" href="#inspect" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>inspect</h4>
 <p>View a term in a fully-named representation</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> pack:Unidentified product: [term_view] (Tac term)</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inspect</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term_view</span></pre></div>
+<h4>
+<a id="user-content-pack" class="anchor" href="#pack" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pack</h4>
 <p>Pack a term view on a fully-named representation back into a term</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> join:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>Join the first two goals, which must be irrelevant, in a single one by finding a maximal prefix of their environment and reverting appropriately. Useful to minimize SMT queries that share internal obligations.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> set_goals:Unidentified product: [list goal] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>Set the current set of active goals at will. Obligations remain in the implicits.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> set_smt_goals:Unidentified product: [list goal] (Tac <span class="dt">unit</span>)</code></pre></div>
-<p>Set the current set of SMT goals at will. Obligations remain in the implicits. TODO: This is a really bad name, there's no special &quot;SMT&quot; about these goals.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> curms:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">int</span>)</code></pre></div>
-<p>[curms ()] returns the current (wall) time in millseconds</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pack</span>    <span class="pl-c1">:</span> <span class="pl-en">term_view</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span></pre></div>
+<h4>
+<a id="user-content-join" class="anchor" href="#join" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>join</h4>
+<p>Join the first two goals, which must be irrelevant, in a single
+one by finding a maximal prefix of their environment and reverting
+appropriately. Useful to minimize SMT queries that share internal
+obligations.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">join</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<p>Local metastate via a string-keyed map. <code>lget</code> fails if the
+found element is not typeable at the requested type.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lget</span>     <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span>
+<span class="pl-k">val</span> <span class="pl-en">lset</span>     <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-set_goals" class="anchor" href="#set_goals" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>set_goals</h4>
+<p>Set the current set of active goals at will. Obligations remain
+in the implicits.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">set_goals</span>     <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">goal</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-set_smt_goals" class="anchor" href="#set_smt_goals" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>set_smt_goals</h4>
+<p>Set the current set of SMT goals at will. Obligations remain in the
+implicits. TODO: This is a really bad name, there's no special "SMT"
+about these goals.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">set_smt_goals</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">goal</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<h4>
+<a id="user-content-curms" class="anchor" href="#curms" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>curms</h4>
+<p><code>curms ()</code> returns the current (wall) time in millseconds</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">curms</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">int</span></pre></div>
+<h4>
+<a id="user-content-set_urgency" class="anchor" href="#set_urgency" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>set_urgency</h4>
+<p><code>set_urgency u</code> sets the urgency of error messages. Usually set just
+before raising an exception (see e.g. <code>fail_silently</code>).</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">set_urgency</span> <span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.Canon.html b/docs/FStar.Tactics.Canon.html
index 35c0ec3..d7f89ac 100644
--- a/docs/FStar.Tactics.Canon.html
+++ b/docs/FStar.Tactics.Canon.html
@@ -1,16 +1,235 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.Canon</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.canon">module FStar.Tactics.Canon</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartacticscanon" class="anchor" href="#fstartacticscanon" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.Canon</h1>
+<ul>
+<li>Opens module <a href="FStar.Tactics.html">FStar.Tactics</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.html">FStar.Reflection</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Arith.html">FStar.Reflection.Arith</a>
+</li>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+<li>Aliases module <a href="FStar.Order.html"> FStar.Order</a> as <code>O </code>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">distr</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> * <span class="pl-c1">(</span><span class="pl-en">y</span> <span class="pl-c1">+</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span> * <span class="pl-en">y</span> <span class="pl-c1">+</span> <span class="pl-en">x</span> * <span class="pl-en">z</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">distr</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">distl</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span><span class="pl-c1">)</span> * <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-en">x</span> * <span class="pl-en">z</span> <span class="pl-c1">+</span> <span class="pl-en">y</span> * <span class="pl-en">z</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">distl</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">ass_plus_l</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">y</span> <span class="pl-c1">+</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">ass_plus_l</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">ass_mult_l</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> * <span class="pl-c1">(</span><span class="pl-en">y</span> * <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">x</span> * <span class="pl-en">y</span><span class="pl-c1">)</span> * <span class="pl-en">z</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">ass_mult_l</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">comm_plus</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">y</span> <span class="pl-c1">+</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">comm_plus</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">sw_plus</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">sw_plus</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">sw_mult</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">x</span> * <span class="pl-en">y</span><span class="pl-c1">)</span> * <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">x</span> * <span class="pl-en">z</span><span class="pl-c1">)</span> * <span class="pl-en">y</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">sw_mult</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">comm_mult</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> * <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">y</span> * <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">comm_mult</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">trans</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                    <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">trans</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">cong_plus</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">w</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span>
+                <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">w</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">w</span> <span class="pl-c1">+</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span> <span class="pl-c1">+</span> <span class="pl-en">z</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">cong_plus</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">cong_mult</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">w</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">z</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span>
+                <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">w</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">w</span> * <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span> * <span class="pl-en">z</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">cong_mult</span> <span class="pl-c1">#</span><span class="pl-en">w</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">#</span><span class="pl-en">z</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">neg_minus_one</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(-</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-c1">(-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> * <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">neg_minus_one</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">x_plus_zero</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-c1">0</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">x_plus_zero</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">zero_plus_x</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> <span class="pl-c1">+</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">zero_plus_x</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">x_mult_zero</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> * <span class="pl-c1">0</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">x_mult_zero</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">zero_mult_x</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> * <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">zero_mult_x</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">x_mult_one</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> * <span class="pl-c1">1</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">x_mult_one</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">one_mult_x</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-c1">1</span> * <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">one_mult_x</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">minus_is_plus</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">-</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-c1">(-</span><span class="pl-en">y</span><span class="pl-c1">))</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">minus_is_plus</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">step</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">trans</span><span class="pl-c1">);</span>
+    <span class="pl-en">t</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">step_lemma</span> <span class="pl-c1">(</span><span class="pl-en">lem</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">step</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply_lemma</span> <span class="pl-en">lem</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">canon_point</span> <span class="pl-c1">:</span> <span class="pl-en">expr</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">expr</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">canon_point</span> <span class="pl-en">e</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">skip</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">expr</span> <span class="pl-c1">=</span>
+        <span class="pl-en">trefl</span> <span class="pl-c1">();</span> <span class="pl-en">e</span>
+    <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">e</span> <span class="pl-k">with</span></pre></div>
+<p>Evaluate constants</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Plus</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">primops</span><span class="pl-c1">];</span>
+    <span class="pl-en">trefl</span> <span class="pl-c1">();</span>
+    <span class="pl-c1">Lit</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">delta</span><span class="pl-c1">;</span> <span class="pl-en">primops</span><span class="pl-c1">];</span> <span class="pl-c">// Need delta to turn op_Star into op_Multiply, as there's no primop for it</span>
+    <span class="pl-en">trefl</span> <span class="pl-c1">();</span>
+    <span class="pl-c1">Lit</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Forget about negations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Neg</span> <span class="pl-en">e</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">step_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">neg_minus_one</span><span class="pl-c1">);</span>
+    <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Mult</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-c1">(-</span><span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-en">e</span><span class="pl-c1">)</span></pre></div>
+<p>Distribute</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-c1">Plus</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">step_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">distr</span><span class="pl-c1">);</span>
+    <span class="pl-en">step_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_plus</span><span class="pl-c1">);</span>
+    <span class="pl-k">let</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Mult</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Mult</span> <span class="pl-en">a</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Plus</span> <span class="pl-en">l</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-c1">(</span><span class="pl-c1">Plus</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">step_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">distl</span><span class="pl-c1">);</span>
+    <span class="pl-en">step_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_plus</span><span class="pl-c1">);</span>
+    <span class="pl-k">let</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Mult</span> <span class="pl-en">a</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Mult</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Plus</span> <span class="pl-en">l</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<p>Associate to the left</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-c1">Mult</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">step_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">ass_mult_l</span><span class="pl-c1">);</span>
+    <span class="pl-en">step_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_mult</span><span class="pl-c1">);</span>
+    <span class="pl-k">let</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Mult</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">canon_point</span> <span class="pl-en">c</span> <span class="pl-k">in</span>
+    <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Mult</span> <span class="pl-en">l</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Plus</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-c1">Plus</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">step_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">ass_plus_l</span><span class="pl-c1">);</span>
+    <span class="pl-en">step_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_plus</span><span class="pl-c1">);</span>
+    <span class="pl-k">let</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Plus</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">canon_point</span> <span class="pl-en">c</span> <span class="pl-k">in</span>
+    <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Plus</span> <span class="pl-en">l</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Plus</span> <span class="pl-c1">(</span><span class="pl-c1">Plus</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-smi">O.</span><span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">compare_expr</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+    <span class="pl-k">then</span> <span class="pl-k">begin</span>
+        <span class="pl-en">step_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">sw_plus</span><span class="pl-c1">);</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_plus</span><span class="pl-c1">);</span>
+        <span class="pl-k">let</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Plus</span> <span class="pl-en">a</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+        <span class="pl-en">trefl</span><span class="pl-c1">()</span> <span class="pl-c1">;</span>
+        <span class="pl-c1">Plus</span> <span class="pl-en">l</span> <span class="pl-en">b</span>
+    <span class="pl-k">end</span>
+    <span class="pl-k">else</span> <span class="pl-en">skip</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-c1">(</span><span class="pl-c1">Mult</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-smi">O.</span><span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">compare_expr</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+    <span class="pl-k">then</span> <span class="pl-k">begin</span>
+        <span class="pl-en">step_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">sw_mult</span><span class="pl-c1">);</span>
+        <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_mult</span><span class="pl-c1">);</span>
+        <span class="pl-k">let</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Mult</span> <span class="pl-en">a</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+        <span class="pl-en">trefl</span> <span class="pl-c1">();</span>
+        <span class="pl-c1">Mult</span> <span class="pl-en">l</span> <span class="pl-en">b</span>
+    <span class="pl-k">end</span>
+    <span class="pl-k">else</span> <span class="pl-en">skip</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Plus</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">x_plus_zero</span><span class="pl-c1">);</span>
+    <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Plus</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">zero_plus_x</span><span class="pl-c1">);</span>
+    <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Plus</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-smi">O.</span><span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">compare_expr</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-k">then</span> <span class="pl-c1">(</span><span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">comm_plus</span><span class="pl-c1">);</span> <span class="pl-c1">Plus</span> <span class="pl-en">b</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-en">skip</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">zero_mult_x</span><span class="pl-c1">);</span>
+    <span class="pl-c1">Lit</span> <span class="pl-c1">0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-c1">_</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">x_mult_zero</span><span class="pl-c1">);</span>
+    <span class="pl-c1">Lit</span> <span class="pl-c1">0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">one_mult_x</span><span class="pl-c1">);</span>
+    <span class="pl-en">r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-c1">Lit</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">x_mult_one</span><span class="pl-c1">);</span>
+    <span class="pl-en">l</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-smi">O.</span><span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">compare_expr</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+    <span class="pl-k">then</span> <span class="pl-c1">(</span><span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">comm_mult</span><span class="pl-c1">);</span> <span class="pl-c1">Mult</span> <span class="pl-en">b</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-en">skip</span> <span class="pl-c1">()</span></pre></div>
+<p>Forget about subtraction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Minus</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">step_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">minus_is_plus</span><span class="pl-c1">);</span>
+    <span class="pl-en">step_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">cong_plus</span><span class="pl-c1">);</span>
+    <span class="pl-en">trefl</span> <span class="pl-c1">();</span>
+    <span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Neg</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-en">canon_point</span> <span class="pl-c1">(</span><span class="pl-c1">Plus</span> <span class="pl-en">a</span> <span class="pl-en">r</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">skip</span> <span class="pl-c1">()</span></pre></div>
+<p>On canon_point_entry, we interpret the LHS of the goal as an
+arithmetic expression, of which we keep track in canon_point so we
+avoid reinterpreting the goal, which gives a good speedup.</p>
+<p>However, we are repeating work between canon_point_entry calls, since
+in (L + R), we are called once for L, once for R, and once for the
+sum which traverses both (their canonized forms, actually).</p>
+<p>The proper way to solve this is have some state-passing in pointwise,
+maybe having the inner tactic be of type (list a -&gt; tactic a), where
+the list is the collected results for all child calls.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">canon_point_entry</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">norm</span> <span class="pl-c1">[];</span>
+    <span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">term_as_formula</span> <span class="pl-en">g</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">run_tm</span> <span class="pl-c1">(</span><span class="pl-en">is_arith_expr</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-k">with</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">Inr</span> <span class="pl-en">e</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">_e</span> <span class="pl-c1">=</span> <span class="pl-en">canon_point</span> <span class="pl-en">e</span> <span class="pl-k">in</span> <span class="pl-c1">())</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">Inl</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">trefl</span> <span class="pl-c1">()</span>
+        <span class="pl-k">end</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">fail</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>impossible: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">g</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">canon</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">pointwise</span> <span class="pl-en">canon_point_entry</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.CanonCommSemiring.html b/docs/FStar.Tactics.CanonCommSemiring.html
index 8495a10..a4cd251 100644
--- a/docs/FStar.Tactics.CanonCommSemiring.html
+++ b/docs/FStar.Tactics.CanonCommSemiring.html
@@ -1,130 +1,1655 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.CanonCommSemiring</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.canoncommsemiring">module FStar.Tactics.CanonCommSemiring</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> canon_attr:()</code></pre></div>
+<h1>
+<a id="user-content-fstartacticscanoncommsemiring" class="anchor" href="#fstartacticscanoncommsemiring" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.CanonCommSemiring</h1>
+<blockquote>
+<p>A tactic to solve equalities on a commutative semiring (a, +, *, 0, 1)</p>
+<p>The tactic <code>canon_semiring</code> is parameterized by the base type <code>a</code> and
+a semiring theory <code>cr a</code>. This requires:</p>
+<ul>
+<li>A commutative monoid (a, +, 0) for addition
+That is, + is associative, commutative and has identity element 0</li>
+<li>An additive inverse operator for (a, +, 0), making it an Abelian group
+That is, a + -a = 0</li>
+<li>A commutative monoid (a, *, 1) for multiplication
+That is, * is associative, commutative and has identity element 1</li>
+<li>Multipication left-distributes over addition
+That is, a * (b + c) == a * b + a * c</li>
+<li>0 is an absorbing element of multiplication
+That is, 0 * a = 0</li>
+</ul>
+<p>In contrast to the previous version of FStar.Tactics.CanonCommSemiring,
+the tactic defined here canonizes products, additions and additive inverses,
+collects coefficients in monomials, and eliminates trivial expressions.</p>
+<p>This is based on the legacy (second) version of Coq's ring tactic:</p>
+<ul>
+<li><a href="https://github.com/coq-contribs/legacy-ring/">https://github.com/coq-contribs/legacy-ring/</a></li>
+</ul>
+<p>See also the newest ring tactic in Coq, which is even more general
+and efficient:</p>
+<ul>
+<li><a href="https://coq.inria.fr/refman/addendum/ring.html" rel="nofollow">https://coq.inria.fr/refman/addendum/ring.html</a></li>
+<li><a href="http://www.cs.ru.nl/~freek/courses/tt-2014/read/10.1.1.61.3041.pdf" rel="nofollow">http://www.cs.ru.nl/~freek/courses/tt-2014/read/10.1.1.61.3041.pdf</a></li>
+</ul>
+</blockquote>
+<ul>
+<li>Opens module <a href="FStar.List.html">FStar.List</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.html">FStar.Tactics</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.html">FStar.Reflection</a>
+</li>
+<li>Opens module <a href="FStar.Algebra.CommMonoid.html">FStar.Algebra.CommMonoid</a>
+</li>
+</ul>
+<h4>
+<a id="user-content-canon_attr" class="anchor" href="#canon_attr" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>canon_attr</h4>
 <p>An attribute for marking definitions to unfold by the tactic</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (norm_fully (#a:Type) (x:a)):x</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">irreducible</span> <span class="pl-k">let</span> <span class="pl-en">canon_attr</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<blockquote>
+<p>Commutative semiring theory</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">distribute_left_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">cm_add</span><span class="pl-c1">:</span><span class="pl-en">cm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">cm_mult</span><span class="pl-c1">:</span><span class="pl-en">cm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-c1">(</span> <span class="pl-c1">+</span> <span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-c1">(</span> * <span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> * <span class="pl-c1">(</span><span class="pl-en">y</span> <span class="pl-c1">+</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span> * <span class="pl-en">y</span> <span class="pl-c1">+</span> <span class="pl-en">x</span> * <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">distribute_right_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">cm_add</span><span class="pl-c1">:</span><span class="pl-en">cm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">cm_mult</span><span class="pl-c1">:</span><span class="pl-en">cm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-c1">(</span> <span class="pl-c1">+</span> <span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-c1">(</span> * <span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">y</span><span class="pl-c1">)</span> * <span class="pl-en">z</span> <span class="pl-c1">==</span> <span class="pl-en">x</span> * <span class="pl-en">z</span> <span class="pl-c1">+</span> <span class="pl-en">y</span> * <span class="pl-en">z</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mult_zero_l_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">cm_add</span><span class="pl-c1">:</span><span class="pl-en">cm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">cm_mult</span><span class="pl-c1">:</span><span class="pl-en">cm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">cm_add</span><span class="pl-c1">.unit</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">cm_add</span><span class="pl-c1">.unit)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">add_opp_r_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">cm_add</span><span class="pl-c1">:</span><span class="pl-en">cm</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">opp</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-c1">(</span> <span class="pl-c1">+</span> <span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">opp</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">cm_add</span><span class="pl-c1">.unit)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">unopteq</span>
+<span class="pl-k">type</span> <span class="pl-en">cr</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">CR</span> <span class="pl-c1">:</span>
+    <span class="pl-en">cm_add</span><span class="pl-c1">:</span> <span class="pl-en">cm</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">cm_mult</span><span class="pl-c1">:</span> <span class="pl-en">cm</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">opp</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">add_opp</span><span class="pl-c1">:</span> <span class="pl-en">add_opp_r_lemma</span> <span class="pl-en">a</span> <span class="pl-en">cm_add</span> <span class="pl-en">opp</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">distribute</span><span class="pl-c1">:</span> <span class="pl-en">distribute_left_lemma</span> <span class="pl-en">a</span> <span class="pl-en">cm_add</span> <span class="pl-en">cm_mult</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">mult_zero_l</span><span class="pl-c1">:</span> <span class="pl-en">mult_zero_l_lemma</span> <span class="pl-en">a</span> <span class="pl-en">cm_add</span> <span class="pl-en">cm_mult</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">cr</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">distribute_right</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">distribute_right_lemma</span> <span class="pl-en">a</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span> <span class="pl-c1">=</span>
+  <span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">z</span><span class="pl-c1">;</span>
+    <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">distribute</span> <span class="pl-en">z</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">;</span>
+    <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-en">x</span> <span class="pl-en">z</span><span class="pl-c1">;</span>
+    <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-en">y</span> <span class="pl-en">z</span></pre></div>
+<blockquote>
+<p>Syntax of canonical ring expressions</p>
+</blockquote>
+<h4>
+<a id="user-content-norm_fully" class="anchor" href="#norm_fully" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>norm_fully</h4>
 <ul>
 <li>Marking expressions we would like to normalize fully.</li>
 <li>This does not do anything at the moment, but it would be nice</li>
 <li>to have a cheap mechanism to make this work without traversing the</li>
 <li>whole goal.</li>
-<li></li>
+<li>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">norm_fully</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">index</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype</span> <span class="pl-c1">=</span> <span class="pl-c1">nat</span></pre></div>
+<ul>
+<li>A list of variables represents a sorted product of one or more variables.</li>
+<li>We do not need to prove sortedness to prove correctness, so we never</li>
+<li>make it explicit.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">varlist</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_var</span> <span class="pl-c1">:</span> <span class="pl-en">varlist</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_var</span> <span class="pl-c1">:</span> <span class="pl-en">index</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">varlist</span></pre></div>
+<ul>
+<li>A canonical expression represents an ordered sum of monomials.</li>
+<li>Each monomial is either:</li>
+<li>
+<ul>
+<li>a varlist (a product of variables): x1 * ... * xk</li>
+</ul>
+</li>
+<li>
+<ul>
+<li>a product of a scalar and a varlist: c * x1 * ... * xk</li>
+</ul>
+</li>
+<li>
+</li>
+<li>The order on monomials is the lexicographic order on varlist, with the</li>
+<li>additional convention that monomials with a scalar are less than monomials</li>
+<li>without a scalar.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">:</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-c1">:</span> <span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">varlist_lt</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">varlist</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_var</span><span class="pl-c1">,</span> <span class="pl-c1">Cons_var</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">i</span> <span class="pl-en">xs</span><span class="pl-c1">,</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">j</span> <span class="pl-en">ys</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">i</span> &lt; <span class="pl-en">j</span> <span class="pl-k">then</span> <span class="pl-c1">true</span> <span class="pl-k">else</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">j</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">varlist_lt</span> <span class="pl-en">xs</span> <span class="pl-en">ys</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">val</span> <span class="pl-en">varlist_merge</span><span class="pl-c1">:</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">varlist</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">%[</span><span class="pl-en">l1</span><span class="pl-c1">;</span> <span class="pl-en">l2</span><span class="pl-c1">;</span> <span class="pl-c1">0</span><span class="pl-c1">]</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">val</span> <span class="pl-en">vm_aux</span><span class="pl-c1">:</span> <span class="pl-en">index</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t1</span><span class="pl-c1">:</span><span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">varlist</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">%[</span><span class="pl-en">t1</span><span class="pl-c1">;</span> <span class="pl-en">l2</span><span class="pl-c1">;</span> <span class="pl-c1">1</span><span class="pl-c1">]</span><span class="pl-c1">)</span></pre></div>
+<p>Merges two lists of variables, preserving sortedness</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">varlist_merge</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Nil_var</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l1</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_var</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l2</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span><span class="pl-c1">,</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">v2</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm_aux</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span> <span class="pl-en">l2</span>
+<span class="pl-k">and</span> <span class="pl-en">vm_aux</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">v2</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">v1</span> &lt; <span class="pl-en">v2</span>
+    <span class="pl-k">then</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">v1</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">t1</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">v2</span> <span class="pl-c1">(</span><span class="pl-en">vm_aux</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span></pre></div>
+<ul>
+<li>Merges two canonical expressions</li>
+<li>
+</li>
+<li>We require that <code>a</code> is eqtype for better reasons later.</li>
+<li>Here it is convenient to fix the universe of <code>a</code> in</li>
+<li>mutually recursive functions.</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> spolynomial_normalize:Unidentified product: [#a:eqtype] Unidentified product: [cr a] Unidentified product: [spolynomial a] canonical_sum a</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">val</span> <span class="pl-en">canonical_sum_merge</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cr</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">%[</span><span class="pl-en">s1</span><span class="pl-c1">;</span> <span class="pl-en">s2</span><span class="pl-c1">;</span> <span class="pl-c1">0</span><span class="pl-c1">]</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">val</span> <span class="pl-en">csm_aux</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c1</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t1</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">%[</span><span class="pl-en">t1</span><span class="pl-c1">;</span> <span class="pl-en">s2</span><span class="pl-c1">;</span> <span class="pl-c1">1</span><span class="pl-c1">]</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">canonical_sum_merge</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span>  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span>  <span class="pl-c1">-&gt;</span> <span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">aone</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">and</span> <span class="pl-en">csm_aux</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span>  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">l1</span> <span class="pl-c1">=</span> <span class="pl-en">l2</span>
+    <span class="pl-k">then</span> <span class="pl-c1">Cons_monom</span> <span class="pl-c1">(</span><span class="pl-en">norm_fully</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">))</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span>
+      <span class="pl-k">if</span> <span class="pl-en">varlist_lt</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span>
+      <span class="pl-k">then</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+      <span class="pl-k">else</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span> <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l2</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">l1</span> <span class="pl-c1">=</span> <span class="pl-en">l2</span>
+    <span class="pl-k">then</span> <span class="pl-c1">Cons_monom</span> <span class="pl-c1">(</span><span class="pl-en">norm_fully</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">aone</span><span class="pl-c1">))</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span>
+      <span class="pl-k">if</span> <span class="pl-en">varlist_lt</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span>
+      <span class="pl-k">then</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+      <span class="pl-k">else</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l2</span> <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span></pre></div>
+<p>if c1 = aone then Cons_varlist l1 t1 else</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">Cons_monom</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span></pre></div>
+<p>Inserts a monomial into the apropriate position in a canonical sum</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">monom_insert</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">c1</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">monom_insert</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span>  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">l1</span> <span class="pl-c1">=</span> <span class="pl-en">l2</span>
+    <span class="pl-k">then</span> <span class="pl-c1">Cons_monom</span> <span class="pl-c1">(</span><span class="pl-en">norm_fully</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">))</span> <span class="pl-en">l1</span> <span class="pl-en">t2</span>
+    <span class="pl-k">else</span>
+      <span class="pl-k">if</span> <span class="pl-en">varlist_lt</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span>
+      <span class="pl-k">then</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span>
+      <span class="pl-k">else</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span> <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l2</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">l1</span> <span class="pl-c1">=</span> <span class="pl-en">l2</span>
+    <span class="pl-k">then</span> <span class="pl-c1">Cons_monom</span> <span class="pl-c1">(</span><span class="pl-en">norm_fully</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">aone</span><span class="pl-c1">))</span> <span class="pl-en">l1</span> <span class="pl-en">t2</span>
+    <span class="pl-k">else</span>
+      <span class="pl-k">if</span> <span class="pl-en">varlist_lt</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span>
+      <span class="pl-k">then</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span>
+      <span class="pl-k">else</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l2</span> <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">c1</span> <span class="pl-c1">=</span> <span class="pl-en">aone</span>
+    <span class="pl-k">then</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l1</span> <span class="pl-c1">Nil_monom</span>
+    <span class="pl-k">else</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-c1">Nil_monom</span></pre></div>
+<p>Inserts a monomial without scalar into a canonical sum</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">varlist_insert</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">varlist_insert</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">aone</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span></pre></div>
+<p>Multiplies a sum by a scalar c0</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">canonical_sum_scalar</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">canonical_sum_scalar</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Cons_monom</span> <span class="pl-c1">(</span><span class="pl-en">norm_fully</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c0</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Nil_monom</span></pre></div>
+<p>Multiplies a sum by a monomial without scalar</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">canonical_sum_scalar2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">varlist</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">canonical_sum_scalar2</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">s</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">varlist_insert</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Nil_monom</span></pre></div>
+<p>Multiplies a sum by a monomial with scalar</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">canonical_sum_scalar3</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">varlist</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">canonical_sum_scalar3</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">norm_fully</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+                 <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+                 <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span></pre></div>
+<p>Multiplies two canonical sums</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">canonical_sum_prod</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cr</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">canonical_sum_prod</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">s1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+                          <span class="pl-c1">(</span><span class="pl-en">canonical_sum_prod</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+                          <span class="pl-c1">(</span><span class="pl-en">canonical_sum_prod</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span></pre></div>
+<blockquote>
+<p>Syntax of concrete semiring polynomials</p>
+</blockquote>
+<p>This is the type where we reflect expressions before normalization</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">spolynomial</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPvar</span>   <span class="pl-c1">:</span> <span class="pl-en">index</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">spolynomial</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPconst</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">spolynomial</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPplus</span>  <span class="pl-c1">:</span> <span class="pl-en">spolynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">spolynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">spolynomial</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPmult</span>  <span class="pl-c1">:</span> <span class="pl-en">spolynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">spolynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">spolynomial</span> <span class="pl-en">a</span></pre></div>
+<h4>
+<a id="user-content-spolynomial_normalize" class="anchor" href="#spolynomial_normalize" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>spolynomial_normalize</h4>
 <p>Canonize a reflected expression</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> canonical_sum_simplify:Unidentified product: [#a:eqtype] Unidentified product: [cr a] Unidentified product: [canonical_sum a] canonical_sum a</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">spolynomial_normalize</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">spolynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">spolynomial_normalize</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">p</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPvar</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_var</span> <span class="pl-en">i</span> <span class="pl-c1">Nil_var</span><span class="pl-c1">)</span> <span class="pl-c1">Nil_monom</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPconst</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-c1">Nil_var</span> <span class="pl-c1">Nil_monom</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPplus</span> <span class="pl-en">l</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPmult</span> <span class="pl-en">l</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">canonical_sum_prod</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-canonical_sum_simplify" class="anchor" href="#canonical_sum_simplify" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>canonical_sum_simplify</h4>
 <ul>
 <li>Simplify a canonical sum.</li>
 <li>Removes 0 * x1 * ... * xk and turns 1 * x1 * ... * xk into x1 * ... * xk</li>
-<li></li>
+<li>
+</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> spolynomial_simplify:Unidentified product: [#a:eqtype] Unidentified product: [cr a] Unidentified product: [spolynomial a] canonical_sum a</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">canonical_sum_simplify</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">canonical_sum_simplify</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">azero</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span>  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">norm_fully</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">azero</span><span class="pl-c1">)</span> <span class="pl-k">then</span> <span class="pl-en">canonical_sum_simplify</span> <span class="pl-en">r</span> <span class="pl-en">t</span>
+    <span class="pl-k">else</span>
+      <span class="pl-k">if</span> <span class="pl-en">norm_fully</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">aone</span><span class="pl-c1">)</span>
+      <span class="pl-k">then</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_simplify</span> <span class="pl-en">r</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+      <span class="pl-k">else</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_simplify</span> <span class="pl-en">r</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_simplify</span> <span class="pl-en">r</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span></pre></div>
+<h4>
+<a id="user-content-spolynomial_simplify" class="anchor" href="#spolynomial_simplify" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>spolynomial_simplify</h4>
 <ul>
 <li>The main canonization algorithm: turn an expression into a sum and</li>
 <li>simplify it.</li>
-<li></li>
+<li>
+</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (vmap a):*(list <span class="co">(*(var, a)), a)</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">spolynomial_simplify</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">spolynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">spolynomial_simplify</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-en">canonical_sum_simplify</span> <span class="pl-en">r</span>
+    <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Interpretation of varlists, monomials and canonical sums</p>
+</blockquote>
+<h4>
+<a id="user-content-vmap" class="anchor" href="#vmap" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>vmap</h4>
 <ul>
 <li>The variable map:</li>
 <li>This maps polynomial variables to ring expressions. That is, any term</li>
 <li>that is not an addition or a multplication is turned into a variable</li>
-<li></li>
+<li>
+</li>
 <li>The representation is inefficient. For large terms it might be worthwhile</li>
 <li>using a better data structure.</li>
-<li></li>
+<li>
+</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((update (#a:Type) (x:var) (xa:a) (vm:vmap a)):vmap a):<span class="kw">let</span>  (l, y) = vm <span class="kw">in</span> (FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 (Prims<span class="kw">.</span>Cons ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 x xa)) l) y)</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">vmap</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">var</span> * <span class="pl-en">a</span><span class="pl-c1">)</span> * <span class="pl-en">a</span></pre></div>
+<h4>
+<a id="user-content-update" class="anchor" href="#update" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>update</h4>
 <p>Add a new entry in a variable map</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((quote_list (#a:Type) (ta:term) (quotea:Unidentified product: [a] (Tac term)) (xs:list a)):(Tac term)):<span class="kw">match</span> xs <span class="kw">with</span> []  -&gt; mk_app ((`(Nil))) (Prims<span class="kw">.</span>Cons ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 ta Q_Implicit)) (Prims<span class="kw">.</span>Nil )) | (Prims<span class="kw">.</span>Cons x xs&#39;)  -&gt; mk_app ((`(Cons))) (Prims<span class="kw">.</span>Cons ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 ta Q_Implicit)) (Prims<span class="kw">.</span>Cons ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 quotea x Q_Explicit)) (Prims<span class="kw">.</span>Cons ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 quote_list ta quotea xs&#39; Q_Explicit)) (Prims<span class="kw">.</span>Nil ))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">update</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">var</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">xa</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">vmap</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">l</span><span class="pl-c1">,</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">vm</span> <span class="pl-k">in</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">xa</span><span class="pl-c1">)</span> <span class="pl-c1">::</span> <span class="pl-en">l</span><span class="pl-c1">,</span> <span class="pl-en">y</span></pre></div>
+<h4>
+<a id="user-content-quote_list" class="anchor" href="#quote_list" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>quote_list</h4>
 <p>Quotes a list</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((quote_vm (#a:Type) (ta:term) (quotea:Unidentified product: [a] (Tac term)) (vm:vmap a)):(Tac term)):<span class="kw">let</span>  ((quote_map_entry (p:<span class="co">(*(nat, a)))):(Tac term)) = mk_app ((`(Mktuple2))) (Prims.Cons ((FStar.Pervasives.Native.Mktuple2 (`(nat)) Q_Implicit)) (Prims.Cons ((FStar.Pervasives.Native.Mktuple2 ta Q_Implicit)) (Prims.Cons ((FStar.Pervasives.Native.Mktuple2 pack ((Tv_Const ((C_Int (fst p))))) Q_Explicit)) (Prims.Cons ((FStar.Pervasives.Native.Mktuple2 quotea (snd p) Q_Explicit)) (Prims.Nil ))))) in let  tyentry = mk_e_app ((`(tuple2))) (Prims.Cons ((`(nat))) (Prims.Cons ta (Prims.Nil ))) in let  tlist = quote_list tyentry quote_map_entry (fst vm) in let  tylist = mk_e_app ((`(list))) (Prims.Cons tyentry (Prims.Nil )) in mk_app ((`(Mktuple2))) (Prims.Cons ((FStar.Pervasives.Native.Mktuple2 tylist Q_Implicit)) (Prims.Cons ((FStar.Pervasives.Native.Mktuple2 ta Q_Implicit)) (Prims.Cons ((FStar.Pervasives.Native.Mktuple2 tlist Q_Explicit)) (Prims.Cons ((FStar.Pervasives.Native.Mktuple2 quotea (snd vm) Q_Explicit)) (Prims.Nil )))))</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">quote_list</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">ta</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">quotea</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+    <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">xs</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app</span> <span class="pl-c1">(`</span><span class="pl-c1">Nil</span><span class="pl-c1">)</span> <span class="pl-c1">[(</span><span class="pl-en">ta</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">)]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xs'</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app</span> <span class="pl-c1">(`</span><span class="pl-c1">Cons</span><span class="pl-c1">)</span> <span class="pl-c1">[(</span><span class="pl-en">ta</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">);</span>
+                             <span class="pl-c1">(</span><span class="pl-en">quotea</span> <span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">);</span>
+                             <span class="pl-c1">(</span><span class="pl-en">quote_list</span> <span class="pl-en">ta</span> <span class="pl-en">quotea</span> <span class="pl-en">xs'</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-quote_vm" class="anchor" href="#quote_vm" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>quote_vm</h4>
 <p>Quotes a variable map</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (interp_var (#a:Type) (vm:vmap a) (i:index)):<span class="kw">match</span> List<span class="kw">.</span>Tot<span class="kw">.</span>assoc i (fst vm) <span class="kw">with</span> (Some x)  -&gt; x | _  -&gt; snd vm</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">quote_vm</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">ta</span><span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">quotea</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">quote_map_entry</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:(nat</span> * <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-en">mk_app</span> <span class="pl-c1">(`</span><span class="pl-c1">Mktuple2</span><span class="pl-c1">)</span> <span class="pl-c1">[(`nat,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">ta</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">);</span>
+      <span class="pl-c1">(</span><span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Const</span> <span class="pl-c1">(</span><span class="pl-c1">C_Int</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">p</span><span class="pl-c1">))),</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">);</span>
+      <span class="pl-c1">(</span><span class="pl-en">quotea</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-en">p</span><span class="pl-c1">),</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">tyentry</span> <span class="pl-c1">=</span> <span class="pl-en">mk_e_app</span> <span class="pl-c1">(`</span><span class="pl-en">tuple2</span><span class="pl-c1">)</span> <span class="pl-c1">[(`nat);</span> <span class="pl-en">ta</span><span class="pl-c1">]</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">tlist</span> <span class="pl-c1">=</span> <span class="pl-en">quote_list</span> <span class="pl-en">tyentry</span> <span class="pl-en">quote_map_entry</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">vm</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">tylist</span> <span class="pl-c1">=</span> <span class="pl-en">mk_e_app</span> <span class="pl-c1">(`</span><span class="pl-en">list</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-en">tyentry</span><span class="pl-c1">]</span> <span class="pl-k">in</span>
+  <span class="pl-en">mk_app</span> <span class="pl-c1">(`</span><span class="pl-c1">Mktuple2</span><span class="pl-c1">)</span> <span class="pl-c1">[(</span><span class="pl-en">tylist</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">ta</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">);</span>
+                      <span class="pl-c1">(</span><span class="pl-en">tlist</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">quotea</span> <span class="pl-c1">(</span><span class="pl-en">snd</span> <span class="pl-en">vm</span><span class="pl-c1">),</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-interp_var" class="anchor" href="#interp_var" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>interp_var</h4>
 <ul>
 <li>A varlist is interpreted as the product of the entries in the variable map</li>
-<li></li>
+<li>
+</li>
 <li>Unbound variables are mapped to the default value according to the map.</li>
 <li>This would normally never occur, but it makes it easy to prove correctness.</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((interp_cs (#a:Type) (r:cr a) (vm:vmap a) (s:canonical_sum a)):a):<span class="kw">let</span>  azero = r.cm_add.<span class="dt">unit</span> <span class="kw">in</span> <span class="kw">match</span> s <span class="kw">with</span> Nil_monom  -&gt; azero | (Cons_varlist l t)  -&gt; ics_aux r vm (interp_vl r vm l) t | (Cons_monom c l t)  -&gt; ics_aux r vm (interp_m r vm c l) t</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">interp_var</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">index</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">assoc</span> <span class="pl-en">i</span> <span class="pl-c1">(</span><span class="pl-en">fst</span> <span class="pl-en">vm</span><span class="pl-c1">)</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">snd</span> <span class="pl-en">vm</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">ivl_aux</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">index</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">varlist</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_var</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">interp_var</span> <span class="pl-en">vm</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">x'</span> <span class="pl-en">t'</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_var</span> <span class="pl-en">vm</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ivl_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">x'</span> <span class="pl-en">t'</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">interp_vl</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">varlist</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span>  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_var</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">aone</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">x</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">ivl_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">x</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">interp_m</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">varlist</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_var</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">x</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">ivl_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">x</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">ics_aux</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">aplus</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">ics_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">aplus</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">ics_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-interp_cs" class="anchor" href="#interp_cs" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>interp_cs</h4>
 <p>Interpretation of a canonical sum</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((interp_sp (#a:Type) (r:cr a) (vm:vmap a) (p:spolynomial a)):a):<span class="kw">let</span>  aplus = r.cm_add.mult <span class="kw">in</span> <span class="kw">let</span>  amult = r.cm_mult.mult <span class="kw">in</span> <span class="kw">match</span> p <span class="kw">with</span> (SPconst c)  -&gt; c | (SPvar i)  -&gt; interp_var vm i | (SPplus p1 p2)  -&gt; aplus (interp_sp r vm p1) (interp_sp r vm p2) | (SPmult p1 p2)  -&gt; amult (interp_sp r vm p1) (interp_sp r vm p2)</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">interp_cs</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">azero</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">azero</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">ics_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">ics_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">t</span></pre></div>
+<h4>
+<a id="user-content-interp_sp" class="anchor" href="#interp_sp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>interp_sp</h4>
 <p>Interpretation of a polynomial</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">typepolynomial = Pvar:Unidentified product: [index] polynomial a | Pconst:Unidentified product: [a] polynomial a | Pplus:Unidentified product: [polynomial a] Unidentified product: [polynomial a] polynomial a | Pmult:Unidentified product: [polynomial a] Unidentified product: [polynomial a] polynomial a | Popp:Unidentified product: [polynomial a] polynomial a </code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">interp_sp</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">spolynomial</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">p</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPconst</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPvar</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">interp_var</span> <span class="pl-en">vm</span> <span class="pl-en">i</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPplus</span> <span class="pl-en">p1</span> <span class="pl-en">p2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_sp</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_sp</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPmult</span> <span class="pl-en">p1</span> <span class="pl-en">p2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_sp</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_sp</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p2</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Proof of correctness</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mult_one_l</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-en">x</span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">mult_one_l</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">identity</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mult_one_r</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit)]</span>
+<span class="pl-k">let</span> <span class="pl-en">mult_one_r</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mult_zero_l</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span> <span class="pl-en">x</span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">mult_zero_l</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">mult_zero_l</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mult_zero_r</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span> <span class="pl-c1">==</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit)]</span>
+<span class="pl-k">let</span> <span class="pl-en">mult_zero_r</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_zero_l</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span> <span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span> <span class="pl-en">x</span><span class="pl-c1">)]</span>
+<span class="pl-k">let</span> <span class="pl-en">add_zero_l</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">identity</span>  <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_zero_r</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">x</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit)]</span>
+<span class="pl-k">let</span> <span class="pl-en">add_zero_r</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-c1">=</span>
+  <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">opp_unique</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">opp_unique</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-c1">(</span> <span class="pl-c1">+</span> <span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">zero</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-en">y</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">add_opp</span> <span class="pl-en">x</span> <span class="pl-c1">}</span>
+    <span class="pl-en">y</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-en">y</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">y</span> <span class="pl-c1">+</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">}</span>
+    <span class="pl-en">zero</span> <span class="pl-c1">+</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+    <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_mult_opp</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit)</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit)</span>
+<span class="pl-k">let</span> <span class="pl-en">add_mult_opp</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-c1">(</span> <span class="pl-c1">+</span> <span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-c1">(</span> * <span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">zero</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">one</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">one</span> * <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+    <span class="pl-en">one</span> * <span class="pl-en">x</span> <span class="pl-c1">+</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">one</span> * <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">distribute_right</span> <span class="pl-en">r</span> <span class="pl-en">one</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">one</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">(</span><span class="pl-en">one</span> <span class="pl-c1">+</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">one</span><span class="pl-c1">)</span> * <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">add_opp</span> <span class="pl-en">one</span> <span class="pl-c1">}</span>
+    <span class="pl-en">zero</span> * <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+    <span class="pl-en">zero</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ivl_aux_ok</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">varlist</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">index</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ivl_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">i</span> <span class="pl-en">v</span> <span class="pl-c1">==</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_var</span> <span class="pl-en">vm</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">v</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">ivl_aux_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">v</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">vm_aux_ok</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">index</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">varlist</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>
+    <span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">vm_aux</span> <span class="pl-en">v</span> <span class="pl-en">t</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">==</span>
+    <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_var</span> <span class="pl-en">v</span> <span class="pl-en">t</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">%[</span><span class="pl-en">t</span><span class="pl-c1">;</span> <span class="pl-en">l</span><span class="pl-c1">;</span> <span class="pl-c1">1</span><span class="pl-c1">]</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">varlist_merge_ok</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">varlist</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>
+    <span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span>
+    <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">%[</span><span class="pl-en">x</span><span class="pl-c1">;</span> <span class="pl-en">y</span><span class="pl-c1">;</span> <span class="pl-c1">0</span><span class="pl-c1">]</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">varlist_merge_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span><span class="pl-c1">,</span> <span class="pl-c1">Nil_var</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span><span class="pl-c1">,</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">v2</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">v1</span> &lt; <span class="pl-en">v2</span>
+    <span class="pl-k">then</span>
+      <span class="pl-k">begin</span>
+      <span class="pl-en">varlist_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span> <span class="pl-en">y</span><span class="pl-c1">;</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span>
+        <span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">==</span>
+        <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_var</span> <span class="pl-en">vm</span> <span class="pl-en">v1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">y</span><span class="pl-c1">)));</span>
+      <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span>
+        <span class="pl-c1">(</span><span class="pl-en">interp_var</span> <span class="pl-en">vm</span> <span class="pl-en">v1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+      <span class="pl-k">end</span>
+    <span class="pl-k">else</span>
+      <span class="pl-en">vm_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span> <span class="pl-en">y</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_var</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+<span class="pl-k">and</span> <span class="pl-en">vm_aux_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_var</span> <span class="pl-en">v2</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">v1</span> &lt; <span class="pl-en">v2</span>
+    <span class="pl-k">then</span>
+      <span class="pl-k">begin</span>
+      <span class="pl-en">varlist_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span> <span class="pl-en">l2</span><span class="pl-c1">;</span>
+      <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span>
+        <span class="pl-c1">(</span><span class="pl-en">interp_var</span> <span class="pl-en">vm</span> <span class="pl-en">v1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+      <span class="pl-k">end</span>
+    <span class="pl-k">else</span>
+      <span class="pl-k">begin</span>
+      <span class="pl-en">vm_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">;</span>
+      <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+        <span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_var</span> <span class="pl-en">v2</span> <span class="pl-c1">(</span><span class="pl-en">vm_aux</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+        <span class="pl-en">ivl_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">v2</span> <span class="pl-c1">(</span><span class="pl-en">vm_aux</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+        <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_var</span> <span class="pl-en">vm</span> <span class="pl-en">v2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">vm_aux</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+        <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_var</span> <span class="pl-en">vm</span> <span class="pl-en">v2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_var</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span>
+               <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_var</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+        <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_var</span> <span class="pl-en">vm</span> <span class="pl-en">v2</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_var</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span><span class="pl-c1">))</span> <span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span>
+              <span class="pl-c1">(</span><span class="pl-en">interp_var</span> <span class="pl-en">vm</span> <span class="pl-en">v2</span><span class="pl-c1">)</span>
+              <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_var</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span><span class="pl-c1">))</span> <span class="pl-c1">}</span>
+        <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span>
+         <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_var</span> <span class="pl-en">vm</span> <span class="pl-en">v2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">))</span>
+         <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_var</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_var</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_var</span> <span class="pl-en">v2</span> <span class="pl-en">t2</span><span class="pl-c1">))</span> <span class="pl-c1">}</span>
+        <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_var</span> <span class="pl-en">v1</span> <span class="pl-en">t1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_var</span> <span class="pl-en">v2</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">}</span>
+      <span class="pl-k">end</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ics_aux_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">ics_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">x</span> <span class="pl-en">s</span> <span class="pl-c1">==</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">x</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">s</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">interp_m_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">interp_m_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">aplus_assoc_4</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">w</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">z</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+   <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">w</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">w</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">x</span> <span class="pl-en">z</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">aplus_assoc_4</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">w</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">assoc</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">comm</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-k">in</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">w</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">assoc</span> <span class="pl-en">w</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-en">aplus</span> <span class="pl-en">w</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">));</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">comm</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-en">aplus</span> <span class="pl-en">w</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">assoc</span> <span class="pl-en">w</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-c1">}</span>
+    <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">w</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">y</span> <span class="pl-en">z</span><span class="pl-c1">))</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">assoc</span> <span class="pl-en">w</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">}</span>
+    <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">w</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">z</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">assoc</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">w</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">z</span> <span class="pl-en">x</span> <span class="pl-c1">}</span>
+    <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">w</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">z</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">comm</span> <span class="pl-en">z</span> <span class="pl-en">x</span> <span class="pl-c1">}</span>
+    <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">w</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">x</span> <span class="pl-en">z</span><span class="pl-c1">);</span>
+  <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">canonical_sum_merge_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>
+    <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span>
+    <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">%[</span><span class="pl-en">s1</span><span class="pl-c1">;</span> <span class="pl-en">s2</span><span class="pl-c1">;</span> <span class="pl-c1">0</span><span class="pl-c1">]</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">csm_aux_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">c1</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t1</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>
+    <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span>
+    <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_monom</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">%[</span><span class="pl-en">t1</span><span class="pl-c1">;</span> <span class="pl-en">s2</span><span class="pl-c1">;</span> <span class="pl-c1">1</span><span class="pl-c1">]</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">canonical_sum_merge_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span>  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">csm_aux_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span>  <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">aone</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">csm_aux_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">aone</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_monom</span> <span class="pl-en">aone</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-en">t1</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_varlist</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+<span class="pl-k">and</span> <span class="pl-en">csm_aux_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span>  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-k">in</span>
+    <span class="pl-k">if</span> <span class="pl-en">l1</span> <span class="pl-c1">=</span> <span class="pl-en">l2</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">ics_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+                   <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+                           <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">distribute_right</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+                   <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span>
+                   <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">aplus_assoc_4</span> <span class="pl-en">r</span>
+             <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+             <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-en">t1</span><span class="pl-c1">;</span>
+           <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-en">t2</span><span class="pl-c1">;</span>
+           <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+    <span class="pl-k">end</span>
+    <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">varlist_lt</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">ics_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+                   <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+                           <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">associativity</span>
+             <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+         <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+                   <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-en">t1</span><span class="pl-c1">;</span>
+           <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+    <span class="pl-k">end</span>
+    <span class="pl-k">else</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">ics_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+                   <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+                           <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">csm_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">associativity</span>
+             <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span>
+         <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+                   <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-en">t1</span><span class="pl-c1">;</span>
+           <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+    <span class="pl-k">end</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l2</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c">// Same as Cons_monom with c2 = aone</span>
+    <span class="pl-k">let</span> <span class="pl-en">c2</span> <span class="pl-c1">=</span> <span class="pl-en">aone</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">s1</span> <span class="pl-c1">=</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-k">in</span>
+    <span class="pl-k">if</span> <span class="pl-en">l1</span> <span class="pl-c1">=</span> <span class="pl-en">l2</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">ics_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+                   <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+                           <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">distribute_right</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+                   <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span>
+                   <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">aplus_assoc_4</span> <span class="pl-en">r</span>
+             <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+             <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-en">t1</span><span class="pl-c1">;</span>
+           <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-en">t2</span><span class="pl-c1">;</span>
+           <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+    <span class="pl-k">end</span>
+    <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">varlist_lt</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">ics_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+                   <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+                           <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">associativity</span>
+             <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+         <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+                   <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-en">t1</span><span class="pl-c1">;</span>
+           <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+    <span class="pl-k">end</span>
+    <span class="pl-k">else</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">ics_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+                   <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+                           <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span><span class="pl-c1">)</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">csm_aux</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">csm_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">associativity</span>
+             <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span>
+         <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+                   <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-en">t1</span><span class="pl-c1">;</span>
+           <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+    <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">monom_insert_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">c1</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span>
+   <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">monom_insert_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span>  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s2</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">l1</span> <span class="pl-c1">=</span> <span class="pl-en">l2</span>
+    <span class="pl-k">then</span>
+      <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+        <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+        <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_monom</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-en">t2</span><span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+        <span class="pl-en">ics_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-en">t2</span><span class="pl-c1">;</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-en">t2</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">distribute_right</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+                     <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+              <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">associativity</span>
+               <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+               <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+               <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+                     <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">t2</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">}</span>
+    <span class="pl-k">else</span>
+     <span class="pl-k">if</span> <span class="pl-en">varlist_lt</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-k">then</span> <span class="pl-c1">()</span>
+     <span class="pl-k">else</span>
+       <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+        <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+        <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_monom</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span> <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">monom_insert_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t2</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+                     <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span>
+               <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+               <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+                     <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">)));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">associativity</span>
+              <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+              <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+                     <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">t2</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span>
+              <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+              <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+       <span class="pl-c1">}</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l2</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c">// Same as Cons_monom with c2 = aone</span>
+    <span class="pl-k">let</span> <span class="pl-en">c2</span> <span class="pl-c1">=</span> <span class="pl-en">aone</span> <span class="pl-k">in</span>
+    <span class="pl-k">if</span> <span class="pl-en">l1</span> <span class="pl-c1">=</span> <span class="pl-en">l2</span>
+    <span class="pl-k">then</span>
+      <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+        <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+        <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_monom</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-en">t2</span><span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+        <span class="pl-en">ics_aux</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-en">t2</span><span class="pl-c1">;</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-en">t2</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">interp_m_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-en">l1</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">distribute_right</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+                     <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">)))</span>
+              <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">associativity</span>
+               <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+               <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+               <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+                     <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">t2</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">}</span>
+    <span class="pl-k">else</span>
+     <span class="pl-k">if</span> <span class="pl-en">varlist_lt</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-k">then</span> <span class="pl-c1">()</span>
+     <span class="pl-k">else</span>
+       <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+        <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+        <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_monom</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span> <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">monom_insert_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t2</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+                     <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span>
+               <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+               <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+                     <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">)));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">associativity</span>
+              <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+              <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c2</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l2</span><span class="pl-c1">))</span>
+                     <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t2</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">ics_aux_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">interp_m</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c2</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-en">t2</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">));</span>
+        <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span>
+              <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+              <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-c1">}</span>
+        <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+       <span class="pl-c1">}</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">varlist_insert_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">varlist_insert</span> <span class="pl-en">r</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span>
+         <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">varlist_insert_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-en">monom_insert_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">aone</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">canonical_sum_scalar_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">c0</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span>
+    <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span>
+    <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">canonical_sum_scalar_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c0</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span>  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">s</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_monom</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-en">c0</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_scalar_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c0</span> <span class="pl-en">t</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">distribute</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+                              <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c">// Same as Cons_monom c l t with c = r.cm_mult.unit</span>
+    <span class="pl-k">let</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">aone</span> <span class="pl-k">in</span>
+        <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">s</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_monom</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-en">c0</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_scalar_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c0</span> <span class="pl-en">t</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">distribute</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+                              <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">canonical_sum_scalar2_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">l0</span><span class="pl-c1">:</span><span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span>
+    <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span>
+    <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">canonical_sum_scalar2_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span>  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">s</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+        <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">monom_insert_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">varlist_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span> <span class="pl-en">l</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_scalar2_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span> <span class="pl-en">t</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">distribute</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span>  <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c">// Same as Cons_monom c l t with c = aone</span>
+    <span class="pl-k">let</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">aone</span> <span class="pl-k">in</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">s</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+        <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">monom_insert_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">varlist_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span> <span class="pl-en">l</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_scalar2_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span> <span class="pl-en">t</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">distribute</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span>  <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">canonical_sum_scalar3_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">c0</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l0</span><span class="pl-c1">:</span><span class="pl-en">varlist</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span>
+    <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span>
+    <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">canonical_sum_scalar3_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span>  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">s</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+        <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">monom_insert_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">varlist_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span> <span class="pl-en">l</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_scalar3_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">t</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-en">c0</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-en">c0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-en">c</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">distribute</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span>
+             <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span>  <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c">// Same as Cons_monom c l t with c = aone</span>
+    <span class="pl-k">let</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">aone</span> <span class="pl-k">in</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">s</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+        <span class="pl-c1">(</span><span class="pl-en">monom_insert</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">monom_insert_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">varlist_merge</span> <span class="pl-en">l0</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">varlist_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span> <span class="pl-en">l</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_scalar3_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c0</span> <span class="pl-en">l0</span> <span class="pl-en">t</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-en">c0</span> <span class="pl-en">c</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-en">c0</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-en">c</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">commutativity</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">associativity</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">)))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">distribute</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span>
+             <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span>  <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c0</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l0</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">canonical_sum_prod_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">s1</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_prod</span> <span class="pl-en">r</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span>
+         <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">canonical_sum_prod_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span>  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_prod</span> <span class="pl-en">r</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+        <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+                               <span class="pl-c1">(</span><span class="pl-en">canonical_sum_prod</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+             <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">canonical_sum_prod</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_prod</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_scalar3_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">c1</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">;</span>
+           <span class="pl-en">canonical_sum_prod_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">distribute_right</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-en">c1</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-en">l1</span> <span class="pl-en">t1</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_prod</span> <span class="pl-en">r</span> <span class="pl-en">s1</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+        <span class="pl-c1">(</span><span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+                               <span class="pl-c1">(</span><span class="pl-en">canonical_sum_prod</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+             <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">canonical_sum_prod</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_scalar2</span> <span class="pl-en">r</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_prod</span> <span class="pl-en">r</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_scalar2_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span> <span class="pl-en">s2</span><span class="pl-c1">;</span>
+           <span class="pl-en">canonical_sum_prod_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span> <span class="pl-en">s2</span> <span class="pl-c1">}</span>
+      <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">));</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">distribute_right</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+             <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_vl</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t1</span><span class="pl-c1">))</span>
+            <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+      <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+      <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s2</span><span class="pl-c1">);</span>
+    <span class="pl-c1">}</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">spolynomial_normalize_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">spolynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">interp_sp</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">spolynomial_normalize_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">p</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPvar</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPconst</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPplus</span> <span class="pl-en">l</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">canonical_sum_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+      <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">);</span>
+    <span class="pl-en">spolynomial_normalize_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+    <span class="pl-en">spolynomial_normalize_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">q</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SPmult</span> <span class="pl-en">l</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">canonical_sum_prod_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+      <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">);</span>
+    <span class="pl-en">spolynomial_normalize_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+    <span class="pl-en">spolynomial_normalize_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">canonical_sum_simplify_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">canonical_sum</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_simplify</span> <span class="pl-en">r</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">canonical_sum_simplify_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">s</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">azero</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">aone</span>  <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">s</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-c1">_</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum_simplify_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-c1">_</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum_simplify_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Nil_monom</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">spolynomial_simplify_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">spolynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_simplify</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">interp_sp</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">spolynomial_simplify_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-en">canonical_sum_simplify_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">);</span>
+  <span class="pl-en">spolynomial_normalize_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span></pre></div>
+<h4>
+<a id="user-content-polynomial" class="anchor" href="#polynomial" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>polynomial</h4>
 <ul>
 <li>This is the type where we first reflect expressions,</li>
 <li>before eliminating additive inverses</li>
-<li></li>
+<li>
+</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> polynomial_normalize:Unidentified product: [#a:eqtype] Unidentified product: [cr a] Unidentified product: [polynomial a] canonical_sum a</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pvar</span>   <span class="pl-c1">:</span> <span class="pl-en">index</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pconst</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pplus</span>  <span class="pl-c1">:</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pmult</span>  <span class="pl-c1">:</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Popp</span>   <span class="pl-c1">:</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span></pre></div>
+<h4>
+<a id="user-content-polynomial_normalize" class="anchor" href="#polynomial_normalize" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>polynomial_normalize</h4>
 <p>Canonize a reflected expression</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> spolynomial_of:Unidentified product: [#a:eqtype] Unidentified product: [cr a] Unidentified product: [polynomial a] spolynomial a</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">polynomial_normalize</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">polynomial_normalize</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">p</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pvar</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Cons_varlist</span> <span class="pl-c1">(</span><span class="pl-c1">Cons_var</span> <span class="pl-en">i</span> <span class="pl-c1">Nil_var</span><span class="pl-c1">)</span> <span class="pl-c1">Nil_monom</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pconst</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Cons_monom</span> <span class="pl-en">c</span> <span class="pl-c1">Nil_var</span> <span class="pl-c1">Nil_monom</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pplus</span> <span class="pl-en">l</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">canonical_sum_merge</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pmult</span> <span class="pl-en">l</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">canonical_sum_prod</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Popp</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">canonical_sum_scalar3</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit)</span> <span class="pl-c1">Nil_var</span> <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">polynomial_simplify</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canonical_sum</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">polynomial_simplify</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-en">canonical_sum_simplify</span> <span class="pl-en">r</span>
+    <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-spolynomial_of" class="anchor" href="#spolynomial_of" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>spolynomial_of</h4>
 <p>Translate to a representation without additive inverses</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((interp_p (#a:Type) (r:cr a) (vm:vmap a) (p:polynomial a)):a):<span class="kw">let</span>  aplus = r.cm_add.mult <span class="kw">in</span> <span class="kw">let</span>  amult = r.cm_mult.mult <span class="kw">in</span> <span class="kw">match</span> p <span class="kw">with</span> (Pconst c)  -&gt; c | (Pvar i)  -&gt; interp_var vm i | (Pplus p1 p2)  -&gt; aplus (interp_p r vm p1) (interp_p r vm p2) | (Pmult p1 p2)  -&gt; amult (interp_p r vm p1) (interp_p r vm p2) | (Popp p)  -&gt; r.opp (interp_p r vm p)</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">spolynomial_of</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">spolynomial</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">spolynomial_of</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">p</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pvar</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">SPvar</span> <span class="pl-en">i</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pconst</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">SPconst</span> <span class="pl-en">c</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pplus</span> <span class="pl-en">l</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">SPplus</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pmult</span> <span class="pl-en">l</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">SPmult</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Popp</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">SPmult</span> <span class="pl-c1">(</span><span class="pl-c1">SPconst</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit))</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-interp_p" class="anchor" href="#interp_p" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>interp_p</h4>
 <p>Interpretation of a polynomial</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((find_aux (n:nat) (x:term) (xs:list term)):(Tot (<span class="dt">option</span> nat) (decreases xs))):<span class="kw">match</span> xs <span class="kw">with</span> []  -&gt; None | (Prims<span class="kw">.</span>Cons x&#39; xs&#39;)  -&gt; <span class="kw">if</span> term_eq x x&#39; <span class="kw">then</span> (Some n) <span class="kw">else</span> find_aux (+(n, <span class="dv">1</span>)) x xs&#39;</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">interp_p</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">polynomial</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">aplus</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">amult</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">p</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pconst</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pvar</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">interp_var</span> <span class="pl-en">vm</span> <span class="pl-en">i</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pplus</span> <span class="pl-en">p1</span> <span class="pl-en">p2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">aplus</span> <span class="pl-c1">(</span><span class="pl-en">interp_p</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_p</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pmult</span> <span class="pl-en">p1</span> <span class="pl-en">p2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">amult</span> <span class="pl-c1">(</span><span class="pl-en">interp_p</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">interp_p</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Popp</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-c1">(</span><span class="pl-en">interp_p</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">spolynomial_of_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">interp_p</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span> <span class="pl-c1">==</span> <span class="pl-en">interp_sp</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">spolynomial_of_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">p</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pconst</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pvar</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pplus</span> <span class="pl-en">p1</span> <span class="pl-en">p2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">spolynomial_of_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p1</span><span class="pl-c1">;</span>
+    <span class="pl-en">spolynomial_of_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p2</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pmult</span> <span class="pl-en">p1</span> <span class="pl-en">p2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">spolynomial_of_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p1</span><span class="pl-c1">;</span>
+    <span class="pl-en">spolynomial_of_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p2</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Popp</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">spolynomial_of_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">interp_sp</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit)</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+    <span class="pl-en">add_mult_opp</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+    <span class="pl-en">opp_unique</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">y</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">polynomial_normalize_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">==</span>
+         <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)))</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">polynomial_normalize_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">p</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pvar</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pconst</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pplus</span> <span class="pl-en">l</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">canonical_sum_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+      <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+      <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">);</span>
+    <span class="pl-en">canonical_sum_merge_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+      <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+      <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">));</span>
+    <span class="pl-en">polynomial_normalize_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+    <span class="pl-en">polynomial_normalize_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Pmult</span> <span class="pl-en">l</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">canonical_sum_prod_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+    <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">);</span>
+  <span class="pl-en">canonical_sum_prod_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+    <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">q</span><span class="pl-c1">));</span>
+  <span class="pl-en">polynomial_normalize_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">l</span><span class="pl-c1">;</span>
+  <span class="pl-en">polynomial_normalize_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">q</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Popp</span> <span class="pl-en">p1</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-k">let</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-c1">SPconst</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit)</span> <span class="pl-k">in</span>
+  <span class="pl-en">polynomial_normalize_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p1</span><span class="pl-c1">;</span>
+  <span class="pl-en">canonical_sum_prod_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+    <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">p1</span><span class="pl-c1">);</span>
+  <span class="pl-en">canonical_sum_prod_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span>
+    <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">p1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">polynomial_simplify_ok</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">polynomial_simplify</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">interp_p</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">polynomial_simplify_ok</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span> <span class="pl-c1">=</span>
+  <span class="pl-en">calc</span> <span class="pl-c1">(==)</span> <span class="pl-c1">{</span>
+    <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">polynomial_simplify</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-c1">}</span>
+    <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">canonical_sum_simplify</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">));</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">canonical_sum_simplify_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">polynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">polynomial_normalize_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span> <span class="pl-c1">}</span>
+    <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_normalize</span> <span class="pl-en">r</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">));</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">spolynomial_normalize_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">}</span>
+    <span class="pl-en">interp_sp</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">spolynomial_of</span> <span class="pl-en">r</span> <span class="pl-en">p</span><span class="pl-c1">);</span>
+    <span class="pl-c1">==</span> <span class="pl-c1">{</span> <span class="pl-en">spolynomial_of_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span> <span class="pl-c1">}</span>
+    <span class="pl-en">interp_p</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">p</span><span class="pl-c1">;</span>
+  <span class="pl-c1">}</span></pre></div>
+<blockquote>
+<p>Tactic definition</p>
+</blockquote>
+<p>Only dump when debugging is on</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ddump</span> <span class="pl-en">m</span> <span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">debugging</span> <span class="pl-c1">()</span> <span class="pl-k">then</span> <span class="pl-en">dump</span> <span class="pl-en">m</span></pre></div>
+<h4>
+<a id="user-content-find_aux" class="anchor" href="#find_aux" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>find_aux</h4>
 <ul>
 <li>Finds the position of first occurrence of x in xs.</li>
 <li>This is specialized to terms and their funny term_eq.</li>
-<li></li>
+<li>
+</li>
 </ul>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((reification_aux (#a:Type) (unquotea:Unidentified product: [term] (Tac a)) (ts:list term) (vm:vmap a) (add:term) (opp:term) (mone:term) (mult:term) (t:term)):(Tac <span class="co">(*(*(polynomial a, list term), vmap a)))):let  (hd, tl) = collect_app_ref t in match (FStar.Pervasives.Native.Mktuple2 inspect hd list_unref tl) with ((Tv_FVar fv), [(t1, _); (t2, _)])  -&gt; let  ((binop (op:Unidentified product: [polynomial a] Unidentified product: [polynomial a] polynomial a)):(Tac (*(*(polynomial a, list term), vmap a)))) = let  (e1, ts, vm) = reification_aux unquotea ts vm add opp mone mult t1 in let  (e2, ts, vm) = reification_aux unquotea ts vm add opp mone mult t2 in ((FStar.Pervasives.Native.Mktuple3 op e1 e2 ts vm)) in if term_eq (pack ((Tv_FVar fv))) add then binop Pplus else if term_eq (pack ((Tv_FVar fv))) mult then binop Pmult else make_fvar t unquotea ts vm | ((Tv_FVar fv), [(t1, _)])  -&gt; let  ((monop (op:Unidentified product: [polynomial a] polynomial a)):(Tac (*(*(polynomial a, list term), vmap a)))) = let  (e, ts, vm) = reification_aux unquotea ts vm add opp mone mult t1 in ((FStar.Pervasives.Native.Mktuple3 op e ts vm)) in if term_eq (pack ((Tv_FVar fv))) opp then monop Popp else make_fvar t unquotea ts vm | ((Tv_Const _), [])  -&gt; (FStar.Pervasives.Native.Mktuple3 (Pconst (unquotea t)) ts vm) | (_, _)  -&gt; make_fvar t unquotea ts vm</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">find_aux</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">xs</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">xs</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x'</span><span class="pl-c1">::</span><span class="pl-en">xs'</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">term_eq</span> <span class="pl-en">x</span> <span class="pl-en">x'</span> <span class="pl-k">then</span> <span class="pl-c1">Some</span> <span class="pl-en">n</span> <span class="pl-k">else</span> <span class="pl-en">find_aux</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-en">xs'</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">find</span> <span class="pl-c1">=</span> <span class="pl-en">find_aux</span> <span class="pl-c1">0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">make_fvar</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">unquotea</span><span class="pl-c1">:</span><span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ts</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">polynomial</span> <span class="pl-en">a</span> * <span class="pl-en">list</span> <span class="pl-en">term</span> * <span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">find</span> <span class="pl-en">t</span> <span class="pl-en">ts</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">v</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-c1">Pvar</span> <span class="pl-en">v</span><span class="pl-c1">,</span> <span class="pl-en">ts</span><span class="pl-c1">,</span> <span class="pl-en">vm</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">vfresh</span> <span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">ts</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">z</span> <span class="pl-c1">=</span> <span class="pl-en">unquotea</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+    <span class="pl-c1">(</span><span class="pl-c1">Pvar</span> <span class="pl-en">vfresh</span><span class="pl-c1">,</span> <span class="pl-en">ts</span> @ <span class="pl-c1">[</span><span class="pl-en">t</span><span class="pl-c1">],</span> <span class="pl-en">update</span> <span class="pl-en">vfresh</span> <span class="pl-en">z</span> <span class="pl-en">vm</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-reification_aux" class="anchor" href="#reification_aux" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>reification_aux</h4>
 <p>This expects that add, opp, mone mult, and t have already been normalized</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> steps:(Prims<span class="kw">.</span>Cons primops (Prims<span class="kw">.</span>Cons iota (Prims<span class="kw">.</span>Cons zeta (Prims<span class="kw">.</span>Cons delta_attr (Prims<span class="kw">.</span>Cons `%%canon_attr (Prims<span class="kw">.</span>Nil )) (Prims<span class="kw">.</span>Cons delta_only (Prims<span class="kw">.</span>Cons `%%FStar<span class="kw">.</span>Mul<span class="kw">.</span>op_Star (Prims<span class="kw">.</span>Cons `%%FStar<span class="kw">.</span>Algebra<span class="kw">.</span>CommMonoid<span class="kw">.</span>int_plus_cm (Prims<span class="kw">.</span>Cons `%%FStar<span class="kw">.</span>Algebra<span class="kw">.</span>CommMonoid<span class="kw">.</span>int_multiply_cm (Prims<span class="kw">.</span>Cons `%%FStar<span class="kw">.</span>Algebra<span class="kw">.</span>CommMonoid<span class="kw">.</span>__proj__CM__item__mult (Prims<span class="kw">.</span>Cons `%%FStar<span class="kw">.</span>Algebra<span class="kw">.</span>CommMonoid<span class="kw">.</span>__proj__CM__item__unit (Prims<span class="kw">.</span>Cons `%%__proj__CR__item__cm_add (Prims<span class="kw">.</span>Cons `%%__proj__CR__item__opp (Prims<span class="kw">.</span>Cons `%%__proj__CR__item__cm_mult (Prims<span class="kw">.</span>Cons `%%FStar<span class="kw">.</span>List<span class="kw">.</span>Tot<span class="kw">.</span>Base<span class="kw">.</span>assoc (Prims<span class="kw">.</span>Cons `%%FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>fst (Prims<span class="kw">.</span>Cons `%%FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>snd (Prims<span class="kw">.</span>Cons `%%FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>__proj__Mktuple2__item___1 (Prims<span class="kw">.</span>Cons `%%FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>__proj__Mktuple2__item___2 (Prims<span class="kw">.</span>Cons `%%FStar<span class="kw">.</span>List<span class="kw">.</span>Tot<span class="kw">.</span>Base<span class="kw">.</span>op_At (Prims<span class="kw">.</span>Cons `%%FStar<span class="kw">.</span>List<span class="kw">.</span>Tot<span class="kw">.</span>Base<span class="kw">.</span>append (Prims<span class="kw">.</span>Nil )))))))))))))))) (Prims<span class="kw">.</span>Nil ))))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">reification_aux</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">unquotea</span><span class="pl-c1">:</span><span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ts</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">add</span> <span class="pl-en">opp</span> <span class="pl-en">mone</span> <span class="pl-en">mult</span> <span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">polynomial</span> <span class="pl-en">a</span> * <span class="pl-en">list</span> <span class="pl-en">term</span> * <span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span></pre></div>
+<p>ddump ("term = " ^ term_to_string t ^ "\n");
+ddump ("add = " ^ term_to_string add ^ "
+\nmul = " ^ term_to_string mult);
+ddump ("fv = " ^ term_to_string (pack (Tv_FVar fv)));</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">hd</span><span class="pl-c1">,</span> <span class="pl-en">tl</span> <span class="pl-c1">=</span> <span class="pl-en">collect_app_ref</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+<span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">hd</span><span class="pl-c1">,</span> <span class="pl-en">list_unref</span> <span class="pl-en">tl</span> <span class="pl-k">with</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">[(</span><span class="pl-en">t1</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">;</span> <span class="pl-c1">(</span><span class="pl-en">t2</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-k">let</span> <span class="pl-en">binop</span> <span class="pl-c1">(</span><span class="pl-en">op</span><span class="pl-c1">:</span><span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">polynomial</span> <span class="pl-en">a</span> * <span class="pl-en">list</span> <span class="pl-en">term</span> * <span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">e1</span><span class="pl-c1">,</span> <span class="pl-en">ts</span><span class="pl-c1">,</span> <span class="pl-en">vm</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">reification_aux</span> <span class="pl-en">unquotea</span> <span class="pl-en">ts</span> <span class="pl-en">vm</span> <span class="pl-en">add</span> <span class="pl-en">opp</span> <span class="pl-en">mone</span> <span class="pl-en">mult</span> <span class="pl-en">t1</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">e2</span><span class="pl-c1">,</span> <span class="pl-en">ts</span><span class="pl-c1">,</span> <span class="pl-en">vm</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">reification_aux</span> <span class="pl-en">unquotea</span> <span class="pl-en">ts</span> <span class="pl-en">vm</span> <span class="pl-en">add</span> <span class="pl-en">opp</span> <span class="pl-en">mone</span> <span class="pl-en">mult</span> <span class="pl-en">t2</span> <span class="pl-k">in</span>
+    <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">,</span> <span class="pl-en">ts</span><span class="pl-c1">,</span> <span class="pl-en">vm</span><span class="pl-c1">)</span>
+    <span class="pl-k">in</span>
+  <span class="pl-k">if</span> <span class="pl-en">term_eq</span> <span class="pl-c1">(</span><span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">))</span> <span class="pl-en">add</span> <span class="pl-k">then</span> <span class="pl-en">binop</span> <span class="pl-c1">Pplus</span> <span class="pl-k">else</span>
+  <span class="pl-k">if</span> <span class="pl-en">term_eq</span> <span class="pl-c1">(</span><span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">))</span> <span class="pl-en">mult</span> <span class="pl-k">then</span> <span class="pl-en">binop</span> <span class="pl-c1">Pmult</span> <span class="pl-k">else</span>
+  <span class="pl-en">make_fvar</span> <span class="pl-en">t</span> <span class="pl-en">unquotea</span> <span class="pl-en">ts</span> <span class="pl-en">vm</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">[(</span><span class="pl-en">t1</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-k">let</span> <span class="pl-en">monop</span> <span class="pl-c1">(</span><span class="pl-en">op</span><span class="pl-c1">:</span><span class="pl-en">polynomial</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">polynomial</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">polynomial</span> <span class="pl-en">a</span> * <span class="pl-en">list</span> <span class="pl-en">term</span> * <span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">,</span> <span class="pl-en">ts</span><span class="pl-c1">,</span> <span class="pl-en">vm</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">reification_aux</span> <span class="pl-en">unquotea</span> <span class="pl-en">ts</span> <span class="pl-en">vm</span> <span class="pl-en">add</span> <span class="pl-en">opp</span> <span class="pl-en">mone</span> <span class="pl-en">mult</span> <span class="pl-en">t1</span> <span class="pl-k">in</span>
+    <span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-en">e</span><span class="pl-c1">,</span> <span class="pl-en">ts</span><span class="pl-c1">,</span> <span class="pl-en">vm</span><span class="pl-c1">)</span>
+    <span class="pl-k">in</span>
+  <span class="pl-k">if</span> <span class="pl-en">term_eq</span> <span class="pl-c1">(</span><span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">))</span> <span class="pl-en">opp</span> <span class="pl-k">then</span> <span class="pl-en">monop</span> <span class="pl-c1">Popp</span> <span class="pl-k">else</span>
+  <span class="pl-en">make_fvar</span> <span class="pl-en">t</span> <span class="pl-en">unquotea</span> <span class="pl-en">ts</span> <span class="pl-en">vm</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Tv_Const</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pconst</span> <span class="pl-c1">(</span><span class="pl-en">unquotea</span> <span class="pl-en">t</span><span class="pl-c1">),</span> <span class="pl-en">ts</span><span class="pl-c1">,</span> <span class="pl-en">vm</span>
+<span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">make_fvar</span> <span class="pl-en">t</span> <span class="pl-en">unquotea</span> <span class="pl-en">ts</span> <span class="pl-en">vm</span></pre></div>
+<h4>
+<a id="user-content-steps" class="anchor" href="#steps" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>steps</h4>
 <ul>
 <li>How to normalize terms in the tactic.</li>
 <li>This is carefully tuned to unfold all and no more than required</li>
-<li></li>
+<li>
+</li>
 </ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">steps</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">[</span>
+    <span class="pl-en">primops</span><span class="pl-c1">;</span>
+    <span class="pl-en">iota</span><span class="pl-c1">;</span>
+    <span class="pl-en">zeta</span><span class="pl-c1">;</span>
+    <span class="pl-en">delta_attr</span> <span class="pl-c1">[`</span>%<span class="pl-en">canon_attr</span><span class="pl-c1">];</span>
+    <span class="pl-en">delta_only</span> <span class="pl-c1">[</span>
+      <span class="pl-c1">`</span>%<span class="pl-smi">FStar.Mul.</span><span class="pl-en">op_Star</span><span class="pl-c1">;</span>                        <span class="pl-c">// For integer ring</span>
+      <span class="pl-c1">`</span>%<span class="pl-smi">FStar.Algebra.CommMonoid.</span><span class="pl-en">int_plus_cm</span><span class="pl-c1">;</span>     <span class="pl-c">// For integer ring</span>
+      <span class="pl-c1">`</span>%<span class="pl-smi">FStar.Algebra.CommMonoid.</span><span class="pl-en">int_multiply_cm</span><span class="pl-c1">;</span> <span class="pl-c">// For integer ring</span>
+      <span class="pl-c1">`</span>%<span class="pl-smi">FStar.Algebra.CommMonoid.</span><span class="pl-en">__proj__CM__item__mult</span><span class="pl-c1">;</span>
+      <span class="pl-c1">`</span>%<span class="pl-smi">FStar.Algebra.CommMonoid.</span><span class="pl-en">__proj__CM__item__unit</span><span class="pl-c1">;</span>
+      <span class="pl-c1">`</span>%<span class="pl-en">__proj__CR__item__cm_add</span><span class="pl-c1">;</span>
+      <span class="pl-c1">`</span>%<span class="pl-en">__proj__CR__item__opp</span><span class="pl-c1">;</span>
+      <span class="pl-c1">`</span>%<span class="pl-en">__proj__CR__item__cm_mult</span><span class="pl-c1">;</span>
+      <span class="pl-c1">`</span>%<span class="pl-smi">FStar.List.Tot.Base.</span><span class="pl-en">assoc</span><span class="pl-c1">;</span>
+      <span class="pl-c1">`</span>%<span class="pl-smi">FStar.Pervasives.Native.</span><span class="pl-en">fst</span><span class="pl-c1">;</span>
+      <span class="pl-c1">`</span>%<span class="pl-smi">FStar.Pervasives.Native.</span><span class="pl-en">snd</span><span class="pl-c1">;</span>
+      <span class="pl-c1">`</span>%<span class="pl-smi">FStar.Pervasives.Native.</span><span class="pl-en">__proj__Mktuple2__item___1</span><span class="pl-c1">;</span>
+      <span class="pl-c1">`</span>%<span class="pl-smi">FStar.Pervasives.Native.</span><span class="pl-en">__proj__Mktuple2__item___2</span><span class="pl-c1">;</span>
+      <span class="pl-c1">`</span>%<span class="pl-smi">FStar.List.Tot.Base.</span><span class="pl-en">op_At</span><span class="pl-c1">;</span>
+      <span class="pl-c1">`</span>%<span class="pl-smi">FStar.List.Tot.Base.</span><span class="pl-en">append</span><span class="pl-c1">;</span>
+    <span class="pl-c1">]</span>
+  <span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">canon_norm</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-en">norm</span> <span class="pl-en">steps</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">reification</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+  <span class="pl-c1">(</span><span class="pl-en">unquotea</span><span class="pl-c1">:</span><span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">quotea</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tadd</span> <span class="pl-en">topp</span> <span class="pl-en">tmone</span> <span class="pl-en">tmult</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">munit</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ts</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">polynomial</span> <span class="pl-en">a</span><span class="pl-c1">)</span> * <span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span></pre></div>
+<p>Be careful not to normalize operations too much
+E.g. we don't want to turn ( +% ) into (a + b) % prime
+or we won't be able to spot ring operations
+ddump ("add = " ^ term_to_string add ^ "\nmult = " ^ term_to_string mult);</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">add</span>  <span class="pl-c1">=</span> <span class="pl-en">tadd</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">opp</span>  <span class="pl-c1">=</span> <span class="pl-en">topp</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">mone</span> <span class="pl-c1">=</span> <span class="pl-en">tmone</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">mult</span> <span class="pl-c1">=</span> <span class="pl-en">tmult</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">ts</span> <span class="pl-c1">=</span> <span class="pl-smi">Tactics.Util.</span><span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-en">norm_term</span> <span class="pl-en">steps</span><span class="pl-c1">)</span> <span class="pl-en">ts</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">es</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-en">vm</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">Tactics.Util.</span><span class="pl-en">fold_left</span>
+    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">es</span><span class="pl-c1">,</span> <span class="pl-en">vs</span><span class="pl-c1">,</span> <span class="pl-en">vm</span><span class="pl-c1">)</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">,</span> <span class="pl-en">vs</span><span class="pl-c1">,</span> <span class="pl-en">vm</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">reification_aux</span> <span class="pl-en">unquotea</span> <span class="pl-en">vs</span> <span class="pl-en">vm</span> <span class="pl-en">add</span> <span class="pl-en">opp</span> <span class="pl-en">mone</span> <span class="pl-en">mult</span> <span class="pl-en">t</span>
+      <span class="pl-k">in</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">::</span><span class="pl-en">es</span><span class="pl-c1">,</span> <span class="pl-en">vs</span><span class="pl-c1">,</span> <span class="pl-en">vm</span><span class="pl-c1">))</span>
+    <span class="pl-c1">([],[],</span> <span class="pl-c1">([],</span> <span class="pl-en">munit</span><span class="pl-c1">))</span> <span class="pl-en">ts</span>
+<span class="pl-k">in</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">rev</span> <span class="pl-en">es</span><span class="pl-c1">,</span> <span class="pl-en">vm</span><span class="pl-c1">)</span></pre></div>
+<p>The implicit argument in the application of <code>Pconst</code> is crucial</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">quote_polynomial</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">ta</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">quotea</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:</span><span class="pl-en">polynomial</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">e</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pconst</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_app</span> <span class="pl-c1">(`</span><span class="pl-c1">Pconst</span><span class="pl-c1">)</span> <span class="pl-c1">[(</span><span class="pl-en">ta</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">quotea</span> <span class="pl-en">c</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pvar</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_e_app</span> <span class="pl-c1">(`</span><span class="pl-c1">Pvar</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Const</span> <span class="pl-c1">(</span><span class="pl-c1">C_Int</span> <span class="pl-en">x</span><span class="pl-c1">))]</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pplus</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">mk_e_app</span> <span class="pl-c1">(`</span><span class="pl-c1">Pplus</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-en">quote_polynomial</span> <span class="pl-en">ta</span> <span class="pl-en">quotea</span> <span class="pl-en">e1</span><span class="pl-c1">;</span> <span class="pl-en">quote_polynomial</span> <span class="pl-en">ta</span> <span class="pl-en">quotea</span> <span class="pl-en">e2</span><span class="pl-c1">]</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pmult</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">mk_e_app</span> <span class="pl-c1">(`</span><span class="pl-c1">Pmult</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-en">quote_polynomial</span> <span class="pl-en">ta</span> <span class="pl-en">quotea</span> <span class="pl-en">e1</span><span class="pl-c1">;</span> <span class="pl-en">quote_polynomial</span> <span class="pl-en">ta</span> <span class="pl-en">quotea</span> <span class="pl-en">e2</span><span class="pl-c1">]</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Popp</span> <span class="pl-en">e</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mk_e_app</span> <span class="pl-c1">(`</span><span class="pl-c1">Popp</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-en">quote_polynomial</span> <span class="pl-en">ta</span> <span class="pl-en">quotea</span> <span class="pl-en">e</span><span class="pl-c1">]</span></pre></div>
+<p>Constructs the 3 main goals of the tactic</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">semiring_reflect</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">vm</span><span class="pl-c1">:</span><span class="pl-en">vmap</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">:</span><span class="pl-en">polynomial</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a1</span> <span class="pl-en">a2</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-c1">_</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">polynomial_simplify</span> <span class="pl-en">r</span> <span class="pl-en">e1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span>
+      <span class="pl-en">interp_cs</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-c1">(</span><span class="pl-en">polynomial_simplify</span> <span class="pl-en">r</span> <span class="pl-en">e2</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">(</span><span class="pl-c1">_</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">a1</span> <span class="pl-c1">==</span> <span class="pl-en">interp_p</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">e1</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-c1">_</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">a2</span> <span class="pl-c1">==</span> <span class="pl-en">interp_p</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">e2</span><span class="pl-c1">))</span> <span class="pl-c1">:</span>
+    <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">a1</span> <span class="pl-c1">==</span> <span class="pl-en">a2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span>
+  <span class="pl-en">polynomial_simplify_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">e1</span><span class="pl-c1">;</span>
+  <span class="pl-en">polynomial_simplify_ok</span> <span class="pl-en">r</span> <span class="pl-en">vm</span> <span class="pl-en">e2</span></pre></div>
+<p><code>@@plugin</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">canon_semiring_aux</span>
+    <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">ta</span><span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">unquotea</span><span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">quotea</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">tr</span> <span class="pl-en">tadd</span> <span class="pl-en">topp</span> <span class="pl-en">tmone</span> <span class="pl-en">tmult</span><span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">munit</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span>
+<span class="pl-c1">=</span>
+  <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">norm</span> <span class="pl-c1">[];</span> <span class="pl-c">// Do not normalize anything implicitly</span>
+  <span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">term_as_formula</span> <span class="pl-en">g</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span> <span class="pl-en">t</span><span class="pl-c1">))</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">begin</span></pre></div>
+<p>ddump ("t1 = " ^ term_to_string t1 ^ "\nt2 = " ^ term_to_string t2);</p>
+<pre><code>    ddump (term_to_string t1);
+    ddump (term_to_string t2);
+    let r : cr a = unquote tr in
+    ddump ("vm = " ^ term_to_string (quote vm) ^ "\n" ^
+           "before = " ^ term_to_string (norm_term steps
+                (quote (interp_p r vm e1 == interp_p r vm e2))));
+    dump ("expected after = " ^ term_to_string (norm_term steps
+      (quote (
+          interp_cs r vm (polynomial_simplify r e1) ==
+          interp_cs r vm (polynomial_simplify r e2)))));
+</code></pre>
+<p>ddump ("te1 = " ^ term_to_string te1);
+ddump ("te2 = " ^ term_to_string te2);
+ddump "Before canonization";
+ddump "After canonization";
+ddump "Before normalizing left-hand side";
+ddump "After normalizing left-hand side";
+ddump "Before normalizing right-hand side";
+ddump "After normalizing right-hand side";</p>
+<div class="highlight highlight-source-fstar"><pre>    <span class="pl-k">if</span> <span class="pl-en">term_eq</span> <span class="pl-en">t</span> <span class="pl-en">ta</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+    <span class="pl-k">match</span> <span class="pl-en">reification</span> <span class="pl-en">unquotea</span> <span class="pl-en">quotea</span> <span class="pl-en">tadd</span> <span class="pl-en">topp</span> <span class="pl-en">tmone</span> <span class="pl-en">tmult</span> <span class="pl-en">munit</span> <span class="pl-c1">[</span><span class="pl-en">t1</span><span class="pl-c1">;</span> <span class="pl-en">t2</span><span class="pl-c1">]</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">([</span><span class="pl-en">e1</span><span class="pl-c1">;</span> <span class="pl-en">e2</span><span class="pl-c1">],</span> <span class="pl-en">vm</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-en">tvm</span> <span class="pl-c1">=</span> <span class="pl-en">quote_vm</span> <span class="pl-en">ta</span> <span class="pl-en">quotea</span> <span class="pl-en">vm</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">te1</span> <span class="pl-c1">=</span> <span class="pl-en">quote_polynomial</span> <span class="pl-en">ta</span> <span class="pl-en">quotea</span> <span class="pl-en">e1</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">te2</span> <span class="pl-c1">=</span> <span class="pl-en">quote_polynomial</span> <span class="pl-en">ta</span> <span class="pl-en">quotea</span> <span class="pl-en">e2</span> <span class="pl-k">in</span>
+      <span class="pl-en">mapply</span> <span class="pl-c1">(`(</span><span class="pl-en">semiring_reflect</span>
+        <span class="pl-c1">#(`#</span><span class="pl-en">ta</span><span class="pl-c1">)</span> <span class="pl-c1">(`#</span><span class="pl-en">tr</span><span class="pl-c1">)</span> <span class="pl-c1">(`#</span><span class="pl-en">tvm</span><span class="pl-c1">)</span> <span class="pl-c1">(`#</span><span class="pl-en">te1</span><span class="pl-c1">)</span> <span class="pl-c1">(`#</span><span class="pl-en">te2</span><span class="pl-c1">)</span> <span class="pl-c1">(`#</span><span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-c1">(`#</span><span class="pl-en">t2</span><span class="pl-c1">)));</span>
+      <span class="pl-en">canon_norm</span> <span class="pl-c1">();</span>
+      <span class="pl-en">later</span> <span class="pl-c1">();</span>
+      <span class="pl-en">canon_norm</span> <span class="pl-c1">();</span>
+      <span class="pl-en">trefl</span> <span class="pl-c1">();</span>
+      <span class="pl-en">canon_norm</span> <span class="pl-c1">();</span>
+      <span class="pl-en">trefl</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>Unexpected<span class="pl-pds">"</span></span>
+    <span class="pl-k">end</span>
+    <span class="pl-k">else</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>Found equality, but terms do not have the expected type<span class="pl-pds">"</span></span>
+  <span class="pl-en">end</span>
+<span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>Goal should be an equality<span class="pl-pds">"</span></span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">canon_semiring</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">cr</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-en">canon_semiring_aux</span> <span class="pl-en">a</span>
+    <span class="pl-c1">(</span><span class="pl-en">quote</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">unquote</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">quote</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">quote</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">norm_term</span> <span class="pl-en">steps</span> <span class="pl-c1">(</span><span class="pl-en">quote</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.</span><span class="pl-en">mult</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">norm_term</span> <span class="pl-en">steps</span> <span class="pl-c1">(</span><span class="pl-en">quote</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">norm_term</span> <span class="pl-en">steps</span> <span class="pl-c1">(</span><span class="pl-en">quote</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">opp</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.unit)))</span>
+    <span class="pl-c1">(</span><span class="pl-en">norm_term</span> <span class="pl-en">steps</span> <span class="pl-c1">(</span><span class="pl-en">quote</span> <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_mult</span><span class="pl-c1">.</span><span class="pl-en">mult</span><span class="pl-c1">))</span>
+    <span class="pl-en">r</span><span class="pl-c1">.</span><span class="pl-en">cm_add</span><span class="pl-c1">.unit</span></pre></div>
+<blockquote>
+<p>Ring of integers</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">canon_attr</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">int_cr</span> <span class="pl-c1">:</span> <span class="pl-en">cr</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">CR</span> <span class="pl-en">int_plus_cm</span> <span class="pl-en">int_multiply_cm</span> <span class="pl-en">op_Minus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">eq_nat_via_int</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">eq</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">eq2</span> <span class="pl-c1">#int</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">eq2</span> <span class="pl-c1">#nat</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">int_semiring</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span></pre></div>
+<p>Check to see if goal is a <code>nat</code> equality, change the equality to <code>int</code> beforehand</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">match</span> <span class="pl-en">term_as_formula</span> <span class="pl-c1">(</span><span class="pl-en">cur_goal</span> <span class="pl-c1">())</span> <span class="pl-k">with</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span> <span class="pl-en">t</span><span class="pl-c1">))</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">term_eq</span> <span class="pl-en">t</span> <span class="pl-c1">(`</span><span class="pl-smi">Prims.</span><span class="pl-c1">nat)</span>
+    <span class="pl-k">then</span> <span class="pl-c1">(</span><span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">eq_nat_via_int</span><span class="pl-c1">);</span> <span class="pl-en">canon_semiring</span> <span class="pl-en">int_cr</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-en">canon_semiring</span> <span class="pl-en">int_cr</span>
+<span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">canon_semiring</span> <span class="pl-en">int_cr</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--tactic_trace_d 0 --no_smt</span>"</pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">test</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-k">open</span> <span class="pl-smi">FStar.Mul</span> <span class="pl-k">in</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">-</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">2</span> * <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">-</span> <span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-c1">-</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">2</span> * <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-k">by</span> <span class="pl-c1">(</span><span class="pl-en">int_semiring</span> <span class="pl-c1">())</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.CanonCommSwaps.html b/docs/FStar.Tactics.CanonCommSwaps.html
index a441aaf..f729f36 100644
--- a/docs/FStar.Tactics.CanonCommSwaps.html
+++ b/docs/FStar.Tactics.CanonCommSwaps.html
@@ -1,16 +1,129 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.CanonCommSwaps</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.canoncommswaps">module FStar.Tactics.CanonCommSwaps</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartacticscanoncommswaps" class="anchor" href="#fstartacticscanoncommswaps" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.CanonCommSwaps</h1>
+<ul>
+<li>Opens module <a href="FStar.List.Tot.html">FStar.List.Tot</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">swap</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:Type</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">:nat{</span><span class="pl-en">x</span> &lt; <span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">apply_swap_aux</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">swap</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">xs</span> <span class="pl-c1">+</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">:</span>
+    <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+                  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">zs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">length</span> <span class="pl-en">zs</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">xs</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">xs</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">xs</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-c1">_</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">xs</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x1</span> <span class="pl-c1">::</span> <span class="pl-en">x2</span> <span class="pl-c1">::</span> <span class="pl-en">xs'</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">&lt;:</span> <span class="pl-c1">nat)</span>
+                       <span class="pl-k">then</span> <span class="pl-en">x2</span> <span class="pl-c1">::</span> <span class="pl-en">x1</span> <span class="pl-c1">::</span> <span class="pl-en">xs'</span>
+                       <span class="pl-k">else</span> <span class="pl-en">x1</span> <span class="pl-c1">::</span> <span class="pl-en">apply_swap_aux</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x2</span> <span class="pl-c1">::</span> <span class="pl-en">xs'</span><span class="pl-c1">)</span> <span class="pl-en">s</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">apply_swap</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">apply_swap_aux</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">apply_swaps</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ss</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">swap</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">xs</span><span class="pl-c1">)))</span> <span class="pl-c1">:</span>
+    <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+                  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">zs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">length</span> <span class="pl-en">zs</span> <span class="pl-c1">==</span> <span class="pl-en">length</span> <span class="pl-en">xs</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">ss</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">ss</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">xs</span>
+  <span class="pl-c1">|</span> <span class="pl-en">s</span><span class="pl-c1">::</span><span class="pl-en">ss'</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply_swaps</span> <span class="pl-c1">(</span><span class="pl-en">apply_swap</span> <span class="pl-en">xs</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">ss'</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">equal_counts</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span> <span class="pl-en">ys</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">e</span> <span class="pl-en">xs</span><span class="pl-c1">)</span> <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">e</span> <span class="pl-en">ys</span><span class="pl-c1">)}</span> <span class="pl-en">count</span> <span class="pl-en">e</span> <span class="pl-en">xs</span> <span class="pl-c1">==</span> <span class="pl-en">count</span> <span class="pl-en">e</span> <span class="pl-en">ys</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">extend_equal_counts</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span> <span class="pl-en">ys</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">equal_counts</span> <span class="pl-en">xs</span> <span class="pl-en">ys</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">equal_counts</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">xs</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">ys</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span>
+  <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">retract_equal_counts</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span> <span class="pl-en">ys</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">equal_counts</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">xs</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">ys</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">equal_counts</span> <span class="pl-en">xs</span> <span class="pl-en">ys</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span>
+  <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">e</span> <span class="pl-en">xs</span><span class="pl-c1">)</span> <span class="pl-c1">\/</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">e</span> <span class="pl-en">ys</span><span class="pl-c1">)}</span> <span class="pl-en">count</span> <span class="pl-en">e</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">xs</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">count</span> <span class="pl-en">e</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">ys</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">swap_for</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">swap</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">xs</span><span class="pl-c1">)</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">swaps_for</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">swap_for</span> <span class="pl-en">xs</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">append_swaps</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ss1</span> <span class="pl-en">ss2</span><span class="pl-c1">:</span><span class="pl-en">swaps_for</span> <span class="pl-en">xs</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">apply_swaps</span> <span class="pl-en">xs</span> <span class="pl-c1">(</span><span class="pl-en">ss1</span> @ <span class="pl-en">ss2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">apply_swaps</span> <span class="pl-c1">(</span><span class="pl-en">apply_swaps</span> <span class="pl-en">xs</span> <span class="pl-en">ss1</span><span class="pl-c1">)</span> <span class="pl-en">ss2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">ss1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">ss1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">append_swaps</span> <span class="pl-c1">(</span><span class="pl-en">apply_swap</span> <span class="pl-en">xs</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-en">t</span> <span class="pl-en">ss2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lift_swap_cons</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">swap</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">xs</span> <span class="pl-c1">+</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">n</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">apply_swap_aux</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">xs</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">h</span><span class="pl-c1">::(</span><span class="pl-en">apply_swap_aux</span> <span class="pl-en">n</span> <span class="pl-en">xs</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">xs</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">xs</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xt</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">n</span> &lt; <span class="pl-en">s</span> <span class="pl-k">then</span> <span class="pl-en">lift_swap_cons</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">x</span> <span class="pl-en">xt</span> <span class="pl-en">s</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">lift_swaps_cons</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ss</span><span class="pl-c1">:</span><span class="pl-en">swaps_for</span> <span class="pl-en">xs</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">swaps_for</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">xs</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">ss'</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply_swaps</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">xs</span><span class="pl-c1">)</span> <span class="pl-en">ss'</span> <span class="pl-c1">==</span> <span class="pl-en">h</span><span class="pl-c1">::(</span><span class="pl-en">apply_swaps</span> <span class="pl-en">xs</span> <span class="pl-en">ss</span><span class="pl-c1">)</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">ss</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">ss</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">s</span><span class="pl-c1">::</span><span class="pl-en">st</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span>
+      <span class="pl-en">lift_swap_cons</span> <span class="pl-c1">0</span> <span class="pl-en">h</span> <span class="pl-en">xs</span> <span class="pl-en">s</span><span class="pl-c1">;</span>
+      <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)::(</span><span class="pl-en">lift_swaps_cons</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-en">apply_swap</span> <span class="pl-en">xs</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">st</span><span class="pl-c1">)</span>
+    <span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">swap_to_front</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">swaps_for</span> <span class="pl-en">xs</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">count</span> <span class="pl-en">h</span> <span class="pl-en">xs</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">ss</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">ys</span> <span class="pl-c1">=</span> <span class="pl-en">apply_swaps</span> <span class="pl-en">xs</span> <span class="pl-en">ss</span> <span class="pl-k">in</span>
+    <span class="pl-en">equal_counts</span> <span class="pl-en">xs</span> <span class="pl-en">ys</span> <span class="pl-c1">/\</span>
+    <span class="pl-c1">Cons</span><span class="pl-c1">?</span> <span class="pl-en">ys</span> <span class="pl-c1">/\</span>
+    <span class="pl-en">hd</span> <span class="pl-en">ys</span> <span class="pl-c1">==</span> <span class="pl-en">h</span>
+  <span class="pl-c1">))</span>
+  <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">xs</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xt</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span>
+      <span class="pl-k">if</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">h</span> <span class="pl-k">then</span> <span class="pl-c1">[]</span>
+      <span class="pl-k">else</span>
+      <span class="pl-c1">(</span>
+        <span class="pl-k">let</span> <span class="pl-en">ss</span> <span class="pl-c1">=</span> <span class="pl-en">swap_to_front</span> <span class="pl-en">h</span> <span class="pl-en">xt</span> <span class="pl-k">in</span> <span class="pl-c">// ss turns xt into h::xt'</span>
+        <span class="pl-k">let</span> <span class="pl-en">ss'</span> <span class="pl-c1">=</span> <span class="pl-en">lift_swaps_cons</span> <span class="pl-en">x</span> <span class="pl-en">xt</span> <span class="pl-en">ss</span> <span class="pl-k">in</span> <span class="pl-c">// ss' turns x::xt into x::h::xt'</span>
+        <span class="pl-k">let</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">swap_for</span> <span class="pl-en">xs</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">in</span>
+        <span class="pl-en">append_swaps</span> <span class="pl-en">xs</span> <span class="pl-en">ss'</span> <span class="pl-c1">[</span><span class="pl-en">s</span><span class="pl-c1">];</span>
+        <span class="pl-en">ss'</span> @ <span class="pl-c1">[</span><span class="pl-en">s</span><span class="pl-c1">]</span>
+      <span class="pl-c1">)</span>
+    <span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">equal_counts_implies_swaps</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:eqtype)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span> <span class="pl-en">ys</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">swaps_for</span> <span class="pl-en">xs</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">equal_counts</span> <span class="pl-en">xs</span> <span class="pl-en">ys</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">ss</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">ys</span> <span class="pl-c1">==</span> <span class="pl-en">apply_swaps</span> <span class="pl-en">xs</span> <span class="pl-en">ss</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">ys</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">ys</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span>
+      <span class="pl-k">match</span> <span class="pl-en">xs</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+      <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xt</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-c1">(</span>
+          <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">x</span> <span class="pl-en">xs</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">);</span>
+          <span class="pl-c1">[]</span>
+        <span class="pl-c1">)</span>
+    <span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-en">y</span><span class="pl-c1">::</span><span class="pl-en">yt</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">y</span> <span class="pl-en">ys</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">count</span> <span class="pl-en">y</span> <span class="pl-en">xs</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">);</span>
+      <span class="pl-k">let</span> <span class="pl-en">ss0</span> <span class="pl-c1">=</span> <span class="pl-en">swap_to_front</span> <span class="pl-en">y</span> <span class="pl-en">xs</span> <span class="pl-k">in</span>               <span class="pl-c">// find y in xs, swap it to the front</span>
+      <span class="pl-k">let</span> <span class="pl-en">xs'</span> <span class="pl-c1">=</span> <span class="pl-en">apply_swaps</span> <span class="pl-en">xs</span> <span class="pl-en">ss0</span> <span class="pl-k">in</span>               <span class="pl-c">// hd xs' == y</span>
+      <span class="pl-k">let</span> <span class="pl-en">xt</span> <span class="pl-c1">=</span> <span class="pl-en">tl</span> <span class="pl-en">xs'</span> <span class="pl-k">in</span>                            <span class="pl-c">// xs' == y::xt</span>
+      <span class="pl-en">retract_equal_counts</span> <span class="pl-en">y</span> <span class="pl-en">xt</span> <span class="pl-en">yt</span><span class="pl-c1">;</span>                 <span class="pl-c">// prove (equal_counts xt yt)</span>
+      <span class="pl-k">let</span> <span class="pl-en">ss1</span> <span class="pl-c1">=</span> <span class="pl-en">equal_counts_implies_swaps</span> <span class="pl-en">xt</span> <span class="pl-en">yt</span> <span class="pl-k">in</span> <span class="pl-c">// prove (yt == apply_swaps xt ss1)</span>
+      <span class="pl-k">let</span> <span class="pl-en">ss1'</span> <span class="pl-c1">=</span> <span class="pl-en">lift_swaps_cons</span> <span class="pl-en">y</span> <span class="pl-en">xt</span> <span class="pl-en">ss1</span> <span class="pl-k">in</span>        <span class="pl-c">// y::yt == apply_swaps (y::xt) ss1'</span></pre></div>
+<p>ys == apply_swaps (apply_swaps xs ss0) ss1'</p>
+<div class="highlight highlight-source-fstar"><pre>  <span class="pl-en">append_swaps</span> <span class="pl-en">xs</span> <span class="pl-en">ss0</span> <span class="pl-en">ss1'</span><span class="pl-c1">;</span>
+  <span class="pl-en">ss0</span> @ <span class="pl-en">ss1'</span>
+<span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.CanonMonoid.html b/docs/FStar.Tactics.CanonMonoid.html
index e5b0e3f..a8bbcfe 100644
--- a/docs/FStar.Tactics.CanonMonoid.html
+++ b/docs/FStar.Tactics.CanonMonoid.html
@@ -1,16 +1,117 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.CanonMonoid</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.canonmonoid">module FStar.Tactics.CanonMonoid</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartacticscanonmonoid" class="anchor" href="#fstartacticscanonmonoid" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.CanonMonoid</h1>
+<ul>
+<li>Opens module <a href="FStar.Algebra.Monoid.html">FStar.Algebra.Monoid</a>
+</li>
+<li>Opens module <a href="FStar.List.html">FStar.List</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.html">FStar.Tactics</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.html">FStar.Reflection</a>
+</li>
+</ul>
+<p>Only dump when debugging is on</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">dump</span> <span class="pl-en">m</span> <span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">debugging</span> <span class="pl-c1">()</span> <span class="pl-k">then</span> <span class="pl-en">dump</span> <span class="pl-en">m</span></pre></div>
+<p>"A Monoid Expression Simplifier" ported from
+<a href="http://adam.chlipala.net/cpdt/html/Cpdt.Reflection.html" rel="nofollow">http://adam.chlipala.net/cpdt/html/Cpdt.Reflection.html</a></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">exp</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unit</span> <span class="pl-c1">:</span> <span class="pl-en">exp</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Var</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">exp</span> <span class="pl-en">a</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-c1">:</span> <span class="pl-en">exp</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">exp</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">exp</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">exp_to_string</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">a_to_string</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">-&gt;string)</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:</span><span class="pl-en">exp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">e</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Unit<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Var</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Var <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">a_to_string</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Mult (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">exp_to_string</span> <span class="pl-en">a_to_string</span> <span class="pl-en">e1</span>
+                   <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>) (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">exp_to_string</span> <span class="pl-en">a_to_string</span> <span class="pl-en">e2</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mdenote</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:</span><span class="pl-en">exp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">e</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Monoid</span><span class="pl-c1">?.unit</span> <span class="pl-en">m</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Var</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Monoid</span><span class="pl-c1">?.</span><span class="pl-en">mult</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">mdenote</span> <span class="pl-en">m</span> <span class="pl-en">e1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">mdenote</span> <span class="pl-en">m</span> <span class="pl-en">e2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mldenote</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">xs</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Monoid</span><span class="pl-c1">?.unit</span> <span class="pl-en">m</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-en">x</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xs'</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Monoid</span><span class="pl-c1">?.</span><span class="pl-en">mult</span> <span class="pl-en">m</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">mldenote</span> <span class="pl-en">m</span> <span class="pl-en">xs'</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">flatten</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:</span><span class="pl-en">exp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">e</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Var</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[</span><span class="pl-en">x</span><span class="pl-c1">]</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">flatten</span> <span class="pl-en">e1</span> @ <span class="pl-en">flatten</span> <span class="pl-en">e2</span></pre></div>
+<p>This proof internally uses the monoid laws; the SMT solver picks up
+on them because they are written as squashed formulas in the
+definition of monoid; need to be careful with this since these are
+quantified formulas without any patterns. Dangerous stuff!</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">flatten_correct_aux</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">ml1</span> <span class="pl-en">ml2</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">mldenote</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">ml1</span> @ <span class="pl-en">ml2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">Monoid</span><span class="pl-c1">?.</span><span class="pl-en">mult</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">mldenote</span> <span class="pl-en">m</span> <span class="pl-en">ml1</span><span class="pl-c1">)</span>
+                                                  <span class="pl-c1">(</span><span class="pl-en">mldenote</span> <span class="pl-en">m</span> <span class="pl-en">ml2</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">ml1</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">e</span><span class="pl-c1">::</span><span class="pl-en">es1'</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">flatten_correct_aux</span> <span class="pl-en">m</span> <span class="pl-en">es1'</span> <span class="pl-en">ml2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">flatten_correct</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:</span><span class="pl-en">exp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span>
+    <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">mdenote</span> <span class="pl-en">m</span> <span class="pl-en">e</span> <span class="pl-c1">==</span> <span class="pl-en">mldenote</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">flatten</span> <span class="pl-en">e</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">e</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Unit</span> <span class="pl-c1">|</span> <span class="pl-c1">Var</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Mult</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">flatten_correct_aux</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">flatten</span> <span class="pl-en">e1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">flatten</span> <span class="pl-en">e2</span><span class="pl-c1">);</span>
+                  <span class="pl-en">flatten_correct</span> <span class="pl-en">m</span> <span class="pl-en">e1</span><span class="pl-c1">;</span> <span class="pl-en">flatten_correct</span> <span class="pl-en">m</span> <span class="pl-en">e2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">monoid_reflect</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">e1</span> <span class="pl-en">e2</span><span class="pl-c1">:</span><span class="pl-en">exp</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-c1">_</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">mldenote</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">flatten</span> <span class="pl-en">e1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">mldenote</span> <span class="pl-en">m</span> <span class="pl-c1">(</span><span class="pl-en">flatten</span> <span class="pl-en">e2</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">mdenote</span> <span class="pl-en">m</span> <span class="pl-en">e1</span> <span class="pl-c1">==</span> <span class="pl-en">mdenote</span> <span class="pl-en">m</span> <span class="pl-en">e2</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">flatten_correct</span> <span class="pl-en">m</span> <span class="pl-en">e1</span><span class="pl-c1">;</span> <span class="pl-en">flatten_correct</span> <span class="pl-en">m</span> <span class="pl-en">e2</span></pre></div>
+<p>This expects that mult, unit, and me have already been normalized</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">reification_aux</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">mult</span> <span class="pl-c1">unit</span> <span class="pl-en">me</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">exp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">hd</span><span class="pl-c1">,</span> <span class="pl-en">tl</span> <span class="pl-c1">=</span> <span class="pl-en">collect_app_ref</span> <span class="pl-en">me</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">tl</span> <span class="pl-c1">=</span> <span class="pl-en">list_unref</span> <span class="pl-en">tl</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">hd</span><span class="pl-c1">,</span> <span class="pl-en">tl</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">[(</span><span class="pl-en">me1</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)</span> <span class="pl-c1">;</span> <span class="pl-c1">(</span><span class="pl-en">me2</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">term_eq</span> <span class="pl-c1">(</span><span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">))</span> <span class="pl-en">mult</span>
+    <span class="pl-k">then</span> <span class="pl-c1">Mult</span> <span class="pl-c1">(</span><span class="pl-en">reification_aux</span> <span class="pl-en">mult</span> <span class="pl-c1">unit</span> <span class="pl-en">me1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reification_aux</span> <span class="pl-en">mult</span> <span class="pl-c1">unit</span> <span class="pl-en">me2</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-c1">Var</span> <span class="pl-c1">(</span><span class="pl-en">unquote</span> <span class="pl-en">me</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">if</span> <span class="pl-en">term_eq</span> <span class="pl-en">me</span> <span class="pl-c1">unit</span>
+    <span class="pl-k">then</span> <span class="pl-c1">Unit</span>
+    <span class="pl-k">else</span> <span class="pl-c1">Var</span> <span class="pl-c1">(</span><span class="pl-en">unquote</span> <span class="pl-en">me</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">reification</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">me</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">exp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">mult</span> <span class="pl-c1">=</span> <span class="pl-en">norm_term</span> <span class="pl-c1">[</span><span class="pl-en">delta</span><span class="pl-c1">;</span><span class="pl-en">zeta</span><span class="pl-c1">;</span><span class="pl-en">iota</span><span class="pl-c1">]</span> <span class="pl-c1">(</span><span class="pl-en">quote</span> <span class="pl-c1">(</span><span class="pl-c1">Monoid</span><span class="pl-c1">?.</span><span class="pl-en">mult</span> <span class="pl-en">m</span><span class="pl-c1">))</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-en">norm_term</span> <span class="pl-c1">[</span><span class="pl-en">delta</span><span class="pl-c1">;</span><span class="pl-en">zeta</span><span class="pl-c1">;</span><span class="pl-en">iota</span><span class="pl-c1">]</span> <span class="pl-c1">(</span><span class="pl-en">quote</span> <span class="pl-c1">(</span><span class="pl-c1">Monoid</span><span class="pl-c1">?.unit</span> <span class="pl-en">m</span><span class="pl-c1">))</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">me</span>   <span class="pl-c1">=</span> <span class="pl-en">norm_term</span> <span class="pl-c1">[</span><span class="pl-en">delta</span><span class="pl-c1">;</span><span class="pl-en">zeta</span><span class="pl-c1">;</span><span class="pl-en">iota</span><span class="pl-c1">]</span> <span class="pl-en">me</span> <span class="pl-k">in</span></pre></div>
+<p>dump ("mult = " ^ term_to_string mult ^
+"; unit = " ^ term_to_string unit ^
+"; me   = " ^ term_to_string me);</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">reification_aux</span> <span class="pl-en">mult</span> <span class="pl-c1">unit</span> <span class="pl-en">me</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">canon_monoid</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">monoid</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-en">norm</span> <span class="pl-c1">[];</span>
+  <span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">term_as_formula</span> <span class="pl-en">g</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span> <span class="pl-en">t</span><span class="pl-c1">))</span> <span class="pl-en">me1</span> <span class="pl-en">me2</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">if</span> <span class="pl-en">term_eq</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-en">quote</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-k">then</span>
+        <span class="pl-k">let</span> <span class="pl-en">r1</span> <span class="pl-c1">=</span> <span class="pl-en">reification</span> <span class="pl-en">m</span> <span class="pl-en">me1</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">r2</span> <span class="pl-c1">=</span> <span class="pl-en">reification</span> <span class="pl-en">m</span> <span class="pl-en">me2</span> <span class="pl-k">in</span>
+        <span class="pl-en">change_sq</span> <span class="pl-c1">(</span><span class="pl-en">quote</span> <span class="pl-c1">(</span><span class="pl-en">mdenote</span> <span class="pl-en">m</span> <span class="pl-en">r1</span> <span class="pl-c1">==</span> <span class="pl-en">mdenote</span> <span class="pl-en">m</span> <span class="pl-en">r2</span><span class="pl-c1">));</span>
+        <span class="pl-en">apply</span> <span class="pl-c1">(`</span><span class="pl-en">monoid_reflect</span><span class="pl-c1">);</span>
+        <span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">delta_only</span> <span class="pl-c1">[</span><span class="pl-s"><span class="pl-pds">"</span>CanonMonoid.mldenote<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+                          <span class="pl-s"><span class="pl-pds">"</span>CanonMonoid.flatten<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+                          <span class="pl-s"><span class="pl-pds">"</span>FStar.List.Tot.Base.op_At<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+                          <span class="pl-s"><span class="pl-pds">"</span>FStar.List.Tot.Base.append<span class="pl-pds">"</span></span><span class="pl-c1">]]</span>
+      <span class="pl-k">else</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>Goal should be an equality at the right monoid type<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>Goal should be an equality<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lem0</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-en">d</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">assert_by_tactic</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> <span class="pl-c1">+</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span> <span class="pl-c1">+</span> <span class="pl-en">d</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-c1">0</span> <span class="pl-c1">+</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">+</span> <span class="pl-en">c</span> <span class="pl-c1">+</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">d</span> <span class="pl-c1">+</span> <span class="pl-c1">0</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">canon_monoid</span> <span class="pl-en">int_plus_monoid</span> <span class="pl-c"><span class="pl-c">(*</span> string_of_int <span class="pl-c">*)</span></span><span class="pl-c1">;</span> <span class="pl-en">trefl</span><span class="pl-c1">())</span></pre></div>
+<p>TODO: would be nice to just find all terms of monoid type in the
+goal and replace them with their canonicalization;
+basically use flatten_correct instead of monoid_reflect
+- even better, the user would have control over the place(s)
+where the canonicalization is done</p>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.Common.html b/docs/FStar.Tactics.Common.html
new file mode 100644
index 0000000..464c2bc
--- /dev/null
+++ b/docs/FStar.Tactics.Common.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title>FStar.Tactics.Common</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
+</head>
+<body>
+<h1>
+<a id="user-content-fstartacticscommon" class="anchor" href="#fstartacticscommon" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.Common</h1>
+<p>This module is realized by FStar.Tactics.Common in the F* sources.
+Any change must be reflected there.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">exception</span> <span class="pl-c1">NotAListLiteral</span></pre></div>
+<p>We should attempt to not use this one and define more exceptions
+above.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">exception</span> <span class="pl-c1">TacticFailure</span> <span class="pl-en">of</span> <span class="pl-c1">string</span></pre></div>
+
+</body>
+</html>
diff --git a/docs/FStar.Tactics.Derived.html b/docs/FStar.Tactics.Derived.html
index 18acb39..fa6d72b 100644
--- a/docs/FStar.Tactics.Derived.html
+++ b/docs/FStar.Tactics.Derived.html
@@ -1,114 +1,958 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.Derived</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.derived">module FStar.Tactics.Derived</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((_cur_goal ()):(Tac goal)):<span class="kw">match</span> goals () <span class="kw">with</span> []  -&gt; fail <span class="st">&quot;no more goals&quot;</span> | (Prims<span class="kw">.</span>Cons g _)  -&gt; g</code></pre></div>
+<h1>
+<a id="user-content-fstartacticsderived" class="anchor" href="#fstartacticsderived" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.Derived</h1>
+<ul>
+<li>Opens module <a href="FStar.List.Tot.html">FStar.List.Tot</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.html">FStar.Reflection</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Formula.html">FStar.Reflection.Formula</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Types.html">FStar.Tactics.Types</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Effect.html">FStar.Tactics.Effect</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Builtins.html">FStar.Tactics.Builtins</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Result.html">FStar.Tactics.Result</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Util.html">FStar.Tactics.Util</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.SyntaxHelpers.html">FStar.Tactics.SyntaxHelpers</a>
+</li>
+<li>Aliases module <a href="FStar.List.Tot.html"> FStar.List.Tot</a> as <code>L </code>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">exception</span> <span class="pl-c1">Goal_not_trivial</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">goals</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">goal</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">goals_of</span> <span class="pl-c1">(</span><span class="pl-en">get</span> <span class="pl-c1">())</span>
+<span class="pl-k">let</span> <span class="pl-en">smt_goals</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">goal</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">smt_goals_of</span> <span class="pl-c1">(</span><span class="pl-en">get</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fail</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:string)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">raise</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-c1">TacticFailure</span> <span class="pl-en">m</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fail_silently</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:string)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">set_urgency</span> <span class="pl-c1">0</span><span class="pl-c1">;</span>
+  <span class="pl-en">raise</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-c1">TacticFailure</span> <span class="pl-en">m</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-_cur_goal" class="anchor" href="#_cur_goal" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>_cur_goal</h4>
 <p>Return the current <em>goal</em>, not its type. (Ignores SMT goals)</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((cur_env ()):(Tac env)):goal_env (_cur_goal ())</code></pre></div>
-<p>[cur_env] returns the current goal's environment</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((cur_goal ()):(Tac typ)):goal_type (_cur_goal ())</code></pre></div>
-<p>[cur_goal] returns the current goal's type</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((cur_witness ()):(Tac term)):goal_witness (_cur_goal ())</code></pre></div>
-<p>[cur_witness] returns the current goal's witness</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((cur_goal_safe ()):(TacH goal ((requires ((<span class="kw">fun</span> ps -&gt; ~((==(goals_of ps, (Prims<span class="kw">.</span>Nil )))))))) ((ensures ((<span class="kw">fun</span> ps0 r -&gt; exists g.{:pattern } ==(r, (Success g ps0)))))))):<span class="kw">match</span> goals_of (get ()) <span class="kw">with</span> (Prims<span class="kw">.</span>Cons g _)  -&gt; g</code></pre></div>
-<p>[cur_goal_safe] will always return the current goal, without failing. It must be statically verified that there indeed is a goal in order to call it.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((cur_binders ()):(Tac binders)):binders_of_env (cur_env ())</code></pre></div>
-<p>[cur_binders] returns the list of binders in the current goal.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((with_policy pol (f:Unidentified product: [<span class="dt">unit</span>] (Tac &#39;a))):(Tac &#39;a)):<span class="kw">let</span>  old_pol = get_guard_policy () <span class="kw">in</span> set_guard_policy pol; <span class="kw">let</span>  r = f () <span class="kw">in</span> set_guard_policy old_pol; r</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">_cur_goal</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">goal</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">goals</span> <span class="pl-c1">()</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span>   <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>no more goals<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-en">g</span><span class="pl-c1">::</span><span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">g</span></pre></div>
+<h4>
+<a id="user-content-cur_env" class="anchor" href="#cur_env" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>cur_env</h4>
+<p><a href="#cur_env"><code>cur_env</code></a> returns the current goal's environment</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">cur_env</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">env</span> <span class="pl-c1">=</span> <span class="pl-en">goal_env</span> <span class="pl-c1">(</span><span class="pl-en">_cur_goal</span> <span class="pl-c1">())</span></pre></div>
+<h4>
+<a id="user-content-cur_goal" class="anchor" href="#cur_goal" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>cur_goal</h4>
+<p><a href="#cur_goal"><code>cur_goal</code></a> returns the current goal's type</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">typ</span> <span class="pl-c1">=</span> <span class="pl-en">goal_type</span> <span class="pl-c1">(</span><span class="pl-en">_cur_goal</span> <span class="pl-c1">())</span></pre></div>
+<h4>
+<a id="user-content-cur_witness" class="anchor" href="#cur_witness" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>cur_witness</h4>
+<p><a href="#cur_witness"><code>cur_witness</code></a> returns the current goal's witness</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">cur_witness</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span> <span class="pl-en">goal_witness</span> <span class="pl-c1">(</span><span class="pl-en">_cur_goal</span> <span class="pl-c1">())</span></pre></div>
+<h4>
+<a id="user-content-cur_goal_safe" class="anchor" href="#cur_goal_safe" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>cur_goal_safe</h4>
+<p><a href="#cur_goal_safe"><code>cur_goal_safe</code></a> will always return the current goal, without failing.
+It must be statically verified that there indeed is a goal in order to
+call it.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">cur_goal_safe</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">TacH</span> <span class="pl-en">goal</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">ps</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">~(</span><span class="pl-en">goals_of</span> <span class="pl-en">ps</span> <span class="pl-c1">==</span> <span class="pl-c1">[])))</span>
+                                 <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">ps0</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">exists</span> <span class="pl-en">g</span><span class="pl-c1">.</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-c1">Success</span> <span class="pl-en">g</span> <span class="pl-en">ps0</span><span class="pl-c1">))</span>
+ <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">goals_of</span> <span class="pl-c1">(</span><span class="pl-en">get</span> <span class="pl-c1">())</span> <span class="pl-k">with</span>
+   <span class="pl-c1">|</span> <span class="pl-en">g</span> <span class="pl-c1">::</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">g</span></pre></div>
+<h4>
+<a id="user-content-cur_binders" class="anchor" href="#cur_binders" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>cur_binders</h4>
+<p><a href="#cur_binders"><code>cur_binders</code></a> returns the list of binders in the current goal.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">cur_binders</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binders</span> <span class="pl-c1">=</span>
+    <span class="pl-en">binders_of_env</span> <span class="pl-c1">(</span><span class="pl-en">cur_env</span> <span class="pl-c1">())</span></pre></div>
+<h4>
+<a id="user-content-with_policy" class="anchor" href="#with_policy" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>with_policy</h4>
 <p>Set the guard policy only locally, without affecting calling code</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((dismiss ()):(Tac <span class="dt">unit</span>)):<span class="kw">match</span> goals () <span class="kw">with</span> []  -&gt; fail <span class="st">&quot;dismiss: no more goals&quot;</span> | (Prims<span class="kw">.</span>Cons _ gs)  -&gt; set_goals gs</code></pre></div>
-<p>Ignore the current goal. If left unproven, this will fail after the tactic finishes.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((flip ()):(Tac <span class="dt">unit</span>)):<span class="kw">let</span>  gs = goals () <span class="kw">in</span> <span class="kw">match</span> goals () <span class="kw">with</span> []|
- [_]  -&gt; fail <span class="st">&quot;flip: less than two goals&quot;</span> | (Prims<span class="kw">.</span>Cons g1 (Prims<span class="kw">.</span>Cons g2 gs))  -&gt; set_goals ((Prims<span class="kw">.</span>Cons g2 (Prims<span class="kw">.</span>Cons g1 gs)))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">with_policy</span> <span class="pl-en">pol</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">old_pol</span> <span class="pl-c1">=</span> <span class="pl-en">get_guard_policy</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">set_guard_policy</span> <span class="pl-en">pol</span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">set_guard_policy</span> <span class="pl-en">old_pol</span><span class="pl-c1">;</span>
+    <span class="pl-en">r</span></pre></div>
+<h4>
+<a id="user-content-exact" class="anchor" href="#exact" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>exact</h4>
+<p><code>exact e</code> will solve a goal <code>Gamma |- w : t</code> if <code>e</code> has type exactly
+<code>t</code> in <code>Gamma</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">exact</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">with_policy</span> <span class="pl-c1">SMT</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t_exact</span> <span class="pl-c1">true</span> <span class="pl-c1">false</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-exact_with_ref" class="anchor" href="#exact_with_ref" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>exact_with_ref</h4>
+<p><code>exact_with_ref e</code> will solve a goal <code>Gamma |- w : t</code> if <code>e</code> has
+type <code>t'</code> where <code>t'</code> is a subtype of <code>t</code> in <code>Gamma</code>. This is a more
+flexible variant of <a href="#exact"><code>exact</code></a>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">exact_with_ref</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">with_policy</span> <span class="pl-c1">SMT</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t_exact</span> <span class="pl-c1">true</span> <span class="pl-c1">true</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">trivial</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">iota</span><span class="pl-c1">;</span> <span class="pl-en">zeta</span><span class="pl-c1">;</span> <span class="pl-en">reify_</span><span class="pl-c1">;</span> <span class="pl-en">delta</span><span class="pl-c1">;</span> <span class="pl-en">primops</span><span class="pl-c1">;</span> <span class="pl-en">simplify</span><span class="pl-c1">;</span> <span class="pl-en">unmeta</span><span class="pl-c1">];</span>
+  <span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">term_as_formula</span> <span class="pl-en">g</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">True_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">exact</span> <span class="pl-c1">(`())</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">raise</span> <span class="pl-c1">Goal_not_trivial</span></pre></div>
+<p>Another hook to just run a tactic without goals, just by reusing <code>with_tactic</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">run_tactic</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">unit</span>
+         <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">set_range_of</span> <span class="pl-c1">(</span><span class="pl-en">with_tactic</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">trivial</span> <span class="pl-c1">();</span> <span class="pl-en">t</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">True</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">range_of</span> <span class="pl-en">t</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-dismiss" class="anchor" href="#dismiss" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>dismiss</h4>
+<p>Ignore the current goal. If left unproven, this will fail after
+the tactic finishes.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">dismiss</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">goals</span> <span class="pl-c1">()</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>dismiss: no more goals<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">::</span><span class="pl-en">gs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set_goals</span> <span class="pl-en">gs</span></pre></div>
+<h4>
+<a id="user-content-flip" class="anchor" href="#flip" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>flip</h4>
 <p>Flip the order of the first two goals.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((qed ()):(Tac <span class="dt">unit</span>)):<span class="kw">match</span> goals () <span class="kw">with</span> []  -&gt; () | _  -&gt; fail <span class="st">&quot;qed: not done!&quot;</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">flip</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">gs</span> <span class="pl-c1">=</span> <span class="pl-en">goals</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">goals</span> <span class="pl-c1">()</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-c1">_</span><span class="pl-c1">]</span>   <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>flip: less than two goals<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-en">g1</span><span class="pl-c1">::</span><span class="pl-en">g2</span><span class="pl-c1">::</span><span class="pl-en">gs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set_goals</span> <span class="pl-c1">(</span><span class="pl-en">g2</span><span class="pl-c1">::</span><span class="pl-en">g1</span><span class="pl-c1">::</span><span class="pl-en">gs</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-qed" class="anchor" href="#qed" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>qed</h4>
 <p>Succeed if there are no more goals left, and fail otherwise.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((debug (m:<span class="dt">string</span>)):(Tac <span class="dt">unit</span>)):<span class="kw">if</span> debugging () <span class="kw">then</span> print m <span class="kw">else</span> ()</code></pre></div>
-<p>[debug str] is similar to [print str], but will only print the message if the [--debug] option was given for the current module AND [--debug_level Tac] is on.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((smt ()):(Tac <span class="dt">unit</span>)):<span class="kw">match</span> (FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 goals () smt_goals ()) <span class="kw">with</span> ([], _)  -&gt; fail <span class="st">&quot;smt: no active goals&quot;</span> | ((Prims<span class="kw">.</span>Cons g gs), gs&#39;)  -&gt; set_goals gs; set_smt_goals ((Prims<span class="kw">.</span>Cons g gs&#39;))</code></pre></div>
-<p>[smt] will mark the current goal for being solved through the SMT. This does not immediately run the SMT: it just dumps the goal in the SMT bin. Note, if you dump a proof-relevant goal there, the engine will later raise an error.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((later ()):(Tac <span class="dt">unit</span>)):<span class="kw">match</span> goals () <span class="kw">with</span> (Prims<span class="kw">.</span>Cons g gs)  -&gt; set_goals (@(gs, (Prims<span class="kw">.</span>Cons g (Prims<span class="kw">.</span>Nil )))) | _  -&gt; fail <span class="st">&quot;later: no goals&quot;</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">qed</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">goals</span> <span class="pl-c1">()</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>qed: not done!<span class="pl-pds">"</span></span></pre></div>
+<h4>
+<a id="user-content-debug" class="anchor" href="#debug" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>debug</h4>
+<p><code>debug str</code> is similar to <code>print str</code>, but will only print the message
+if the <code>--debug</code> option was given for the current module AND
+<code>--debug_level Tac</code> is on.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">debug</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:string)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">if</span> <span class="pl-en">debugging</span> <span class="pl-c1">()</span> <span class="pl-k">then</span> <span class="pl-en">print</span> <span class="pl-en">m</span></pre></div>
+<h4>
+<a id="user-content-smt" class="anchor" href="#smt" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>smt</h4>
+<p><a href="#smt"><code>smt</code></a> will mark the current goal for being solved through the SMT.
+This does not immediately run the SMT: it just dumps the goal in the
+SMT bin. Note, if you dump a proof-relevant goal there, the engine will
+later raise an error.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">smt</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">goals</span> <span class="pl-c1">(),</span> <span class="pl-en">smt_goals</span> <span class="pl-c1">()</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[],</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>smt: no active goals<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-en">g</span><span class="pl-c1">::</span><span class="pl-en">gs</span><span class="pl-c1">,</span> <span class="pl-en">gs'</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">begin</span>
+        <span class="pl-en">set_goals</span> <span class="pl-en">gs</span><span class="pl-c1">;</span>
+        <span class="pl-en">set_smt_goals</span> <span class="pl-c1">(</span><span class="pl-en">g</span> <span class="pl-c1">::</span> <span class="pl-en">gs'</span><span class="pl-c1">)</span>
+        <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">idtac</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-later" class="anchor" href="#later" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>later</h4>
 <p>Push the current goal to the back.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((exact (t:term)):(Tac <span class="dt">unit</span>)):with_policy SMT ((<span class="kw">fun</span> () -&gt; t_exact <span class="kw">true</span> <span class="kw">false</span> t))</code></pre></div>
-<p>[exact e] will solve a goal [Gamma |- w : t] if [e] has type exactly [t] in [Gamma].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((exact_with_ref (t:term)):(Tac <span class="dt">unit</span>)):with_policy SMT ((<span class="kw">fun</span> () -&gt; t_exact <span class="kw">true</span> <span class="kw">true</span> t))</code></pre></div>
-<p>[exact_with_ref e] will solve a goal [Gamma |- w : t] if [e] has type [t'] where [t'] is a subtype of [t] in [Gamma]. This is a more flexible variant of [exact].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((apply (t:term)):(Tac <span class="dt">unit</span>)):t_apply <span class="kw">true</span> <span class="kw">false</span> t</code></pre></div>
-<p>[apply f] will attempt to produce a solution to the goal by an application of [f] to any amount of arguments (which need to be solved as further goals). The amount of arguments introduced is the least such that [f a_i] unifies with the goal's type.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((apply_raw (t:term)):(Tac <span class="dt">unit</span>)):t_apply <span class="kw">false</span> <span class="kw">false</span> t</code></pre></div>
-<p>[apply_raw f] is like [apply], but will ask for all arguments regardless of whether they appear free in further goals. See the explanation in [t_apply].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((exact_guard (t:term)):(Tac <span class="dt">unit</span>)):with_policy Goal ((<span class="kw">fun</span> () -&gt; t_exact <span class="kw">true</span> <span class="kw">false</span> t))</code></pre></div>
-<p>Like [exact], but allows for the term [e] to have a type [t] only under some guard [g], adding the guard as a goal.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((divide (n:<span class="dt">int</span>) (l:Unidentified product: [<span class="dt">unit</span>] (Tac &#39;a)) (r:Unidentified product: [<span class="dt">unit</span>] (Tac &#39;b))):(Tac <span class="co">(*(&#39;a, &#39;b)))):if &lt;(n, 0) then fail &quot;divide: negative n&quot; else (); let  (gs, sgs) = (FStar.Pervasives.Native.Mktuple2 goals () smt_goals ()) in let  (gs1, gs2) = List.Tot.splitAt n gs in set_goals gs1; set_smt_goals (Prims.Nil ); let  x = l () in let  (gsl, sgsl) = (FStar.Pervasives.Native.Mktuple2 goals () smt_goals ()) in set_goals gs2; set_smt_goals (Prims.Nil ); let  y = r () in let  (gsr, sgsr) = (FStar.Pervasives.Native.Mktuple2 goals () smt_goals ()) in set_goals (@(gsl, gsr)); set_smt_goals (@(sgs, @(sgsl, sgsr))); ((FStar.Pervasives.Native.Mktuple2 x y))</span></code></pre></div>
-<p>[divide n t1 t2] will split the current set of goals into the [n] first ones, and the rest. It then runs [t1] on the first set, and [t2] on the second, returning both results (and concatenating remaining goals).</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((focus (t:Unidentified product: [<span class="dt">unit</span>] (Tac &#39;a))):(Tac &#39;a)):<span class="kw">match</span> goals () <span class="kw">with</span> []  -&gt; fail <span class="st">&quot;focus: no goals&quot;</span> | (Prims<span class="kw">.</span>Cons g gs)  -&gt; <span class="kw">let</span>  sgs = smt_goals () <span class="kw">in</span> set_goals (Prims<span class="kw">.</span>Cons g (Prims<span class="kw">.</span>Nil )); set_smt_goals (Prims<span class="kw">.</span>Nil ); <span class="kw">let</span>  x = t () <span class="kw">in</span> set_goals (@(goals (), gs)); set_smt_goals (@(smt_goals (), sgs)); x</code></pre></div>
-<p>[focus t] runs [t ()] on the current active goal, hiding all others and restoring them at the end.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (dump1 (m:<span class="dt">string</span>)):focus ((<span class="kw">fun</span> () -&gt; dump m))</code></pre></div>
-<p>Similar to [dump], but only dumping the current goal.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((<span class="dt">seq</span> (f:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">unit</span>)) (g:Unidentified product: [<span class="dt">unit</span>] (Tac <span class="dt">unit</span>))):(Tac <span class="dt">unit</span>)):focus ((<span class="kw">fun</span> () -&gt; f (); iterAll g))</code></pre></div>
-<p>Runs tactic [t1] on the current goal, and then tactic [t2] on <em>each</em> subgoal produced by [t1]. Each invocation of [t2] runs on a proofstate with a single goal (they're &quot;focused&quot;).</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((ngoals ()):(Tac <span class="dt">int</span>)):List<span class="kw">.</span>length (goals ())</code></pre></div>
-<p>[ngoals ()] returns the number of goals</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((ngoals_smt ()):(Tac <span class="dt">int</span>)):List<span class="kw">.</span>length (smt_goals ())</code></pre></div>
-<p>[ngoals_smt ()] returns the number of SMT goals</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (join_all_smt_goals ()):<span class="kw">let</span>  (gs, sgs) = (FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 goals () smt_goals ()) <span class="kw">in</span> set_smt_goals (Prims<span class="kw">.</span>Nil ); set_goals sgs; repeat&#39; join; <span class="kw">let</span>  sgs&#39; = goals () <span class="kw">in</span> set_goals gs; set_smt_goals sgs&#39;</code></pre></div>
-<p>Join all of the SMT goals into one. This helps when all of them are expected to be similar, and therefore easier to prove at once by the SMT solver. TODO: would be nice to try to join them in a more meaningful way, as the order can matter.</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((is_guard ()):(Tac <span class="dt">bool</span>)):Tactics<span class="kw">.</span>Types<span class="kw">.</span>is_guard (_cur_goal ())</code></pre></div>
-<p>[is_guard] returns whether the current goal arised from a typechecking guard</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((rewrite&#39; (b:binder)):(Tac <span class="dt">unit</span>)):(&lt;|&gt;(&lt;|&gt;(((<span class="kw">fun</span> () -&gt; rewrite b)), ((<span class="kw">fun</span> () -&gt; binder_retype b; apply_lemma ((`(__eq_sym))); rewrite b))), ((<span class="kw">fun</span> () -&gt; fail <span class="st">&quot;rewrite&#39; failed&quot;</span>)))) ()</code></pre></div>
-<p>Like [rewrite], but works with equalities [v == e] and [e == v]</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((l_to_r (lems:list term)):(Tac <span class="dt">unit</span>)):<span class="kw">let</span>  ((first_or_trefl ()):(Tac <span class="dt">unit</span>)) = fold_left ((<span class="kw">fun</span> k l () -&gt; or_else ((<span class="kw">fun</span> () -&gt; apply_lemma l)) k)) trefl lems () <span class="kw">in</span> pointwise first_or_trefl</code></pre></div>
-<p>Rewrites left-to-right, and bottom-up, given a set of lemmas stating equalities. The lemmas need to prove <em>propositional</em> equalities, that is, using [==].</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((grewrite_eq (b:binder)):(Tac <span class="dt">unit</span>)):<span class="kw">match</span> term_as_formula (type_of_binder b) <span class="kw">with</span> (Comp (Eq _) l r)  -&gt; grewrite l r; iseq (Prims<span class="kw">.</span>Cons idtac (Prims<span class="kw">.</span>Cons ((<span class="kw">fun</span> () -&gt; exact (binder_to_term b))) (Prims<span class="kw">.</span>Nil ))) | _  -&gt; fail <span class="st">&quot;failed in grewrite_eq&quot;</span></code></pre></div>
-<p>A wrapper to [grewrite] which takes a binder of an equality type</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((branch_on_match ()):(Tac <span class="dt">unit</span>)):focus ((<span class="kw">fun</span> () -&gt; <span class="kw">let</span>  x = get_match_body () <span class="kw">in</span> <span class="kw">let</span>  _ = t_destruct x <span class="kw">in</span> iterAll ((<span class="kw">fun</span> () -&gt; <span class="kw">let</span>  bs = repeat intro <span class="kw">in</span> <span class="kw">let</span>  b = last bs <span class="kw">in</span> grewrite_eq b; norm (Prims<span class="kw">.</span>Cons iota (Prims<span class="kw">.</span>Nil ))))))</code></pre></div>
-<p>When the goal is [match e with | p1 -&gt; e1 ... | pn -&gt; en], destruct it into [n] goals for each possible case, including an hypothesis for [e] matching the correposnding pattern.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">later</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">goals</span> <span class="pl-c1">()</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-en">g</span><span class="pl-c1">::</span><span class="pl-en">gs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set_goals</span> <span class="pl-c1">(</span><span class="pl-en">gs</span> @ <span class="pl-c1">[</span><span class="pl-en">g</span><span class="pl-c1">])</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>later: no goals<span class="pl-pds">"</span></span></pre></div>
+<h4>
+<a id="user-content-apply" class="anchor" href="#apply" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>apply</h4>
+<p><code>apply f</code> will attempt to produce a solution to the goal by an application
+of <code>f</code> to any amount of arguments (which need to be solved as further goals).
+The amount of arguments introduced is the least such that <code>f a_i</code> unifies
+with the goal's type.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">apply</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">t_apply</span> <span class="pl-c1">true</span> <span class="pl-c1">false</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">apply_noinst</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">t_apply</span> <span class="pl-c1">true</span> <span class="pl-c1">true</span> <span class="pl-en">t</span></pre></div>
+<h4>
+<a id="user-content-apply_lemma" class="anchor" href="#apply_lemma" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>apply_lemma</h4>
+<p><code>apply_lemma l</code> will solve a goal of type <code>squash phi</code> when <code>l</code> is a
+Lemma ensuring <code>phi</code>. The arguments to <code>l</code> and its requires clause are
+introduced as new goals. As a small optimization, <code>unit</code> arguments are
+discharged by the engine. Just a thin wrapper around <code>t_apply_lemma</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">t_apply_lemma</span> <span class="pl-c1">false</span> <span class="pl-c1">false</span> <span class="pl-en">t</span></pre></div>
+<h4>
+<a id="user-content-trefl" class="anchor" href="#trefl" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>trefl</h4>
+<p>See docs for <code>t_trefl</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">trefl</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-en">t_trefl</span> <span class="pl-c1">false</span></pre></div>
+<h4>
+<a id="user-content-trefl_guard" class="anchor" href="#trefl_guard" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>trefl_guard</h4>
+<p>See docs for <code>t_trefl</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">trefl_guard</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-en">t_trefl</span> <span class="pl-c1">true</span></pre></div>
+<h4>
+<a id="user-content-commute_applied_match" class="anchor" href="#commute_applied_match" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>commute_applied_match</h4>
+<p>See docs for <code>t_commute_applied_match</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">commute_applied_match</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-en">t_commute_applied_match</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-apply_lemma_noinst" class="anchor" href="#apply_lemma_noinst" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>apply_lemma_noinst</h4>
+<p>Similar to <a href="#apply_lemma"><code>apply_lemma</code></a>, but will not instantiate uvars in the
+goal while applying.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">apply_lemma_noinst</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">t_apply_lemma</span> <span class="pl-c1">true</span> <span class="pl-c1">false</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">apply_lemma_rw</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">t_apply_lemma</span> <span class="pl-c1">false</span> <span class="pl-c1">true</span> <span class="pl-en">t</span></pre></div>
+<h4>
+<a id="user-content-apply_raw" class="anchor" href="#apply_raw" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>apply_raw</h4>
+<p><code>apply_raw f</code> is like <a href="#apply"><code>apply</code></a>, but will ask for all arguments
+regardless of whether they appear free in further goals. See the
+explanation in <code>t_apply</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">apply_raw</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">t_apply</span> <span class="pl-c1">false</span> <span class="pl-c1">false</span> <span class="pl-en">t</span></pre></div>
+<h4>
+<a id="user-content-exact_guard" class="anchor" href="#exact_guard" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>exact_guard</h4>
+<p>Like <a href="#exact"><code>exact</code></a>, but allows for the term <code>e</code> to have a type <code>t</code> only
+under some guard <code>g</code>, adding the guard as a goal.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">exact_guard</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">with_policy</span> <span class="pl-c1">Goal</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t_exact</span> <span class="pl-c1">true</span> <span class="pl-c1">false</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-t_pointwise" class="anchor" href="#t_pointwise" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>t_pointwise</h4>
+<p>(TODO: explain bettter) When running <code>pointwise tau</code> For every
+subterm <code>t'</code> of the goal's type <code>t</code>, the engine will build a goal <code>Gamma |= t' == ?u</code> and run <code>tau</code> on it. When the tactic proves the goal,
+the engine will rewrite <code>t'</code> for <code>?u</code> in the original goal type. This
+is done for every subterm, bottom-up. This allows to recurse over an
+unknown goal type. By inspecting the goal, the <code>tau</code> can then decide
+what to do (to not do anything, use <a href="#trefl"><code>trefl</code></a>).</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">t_pointwise</span> <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">:</span><span class="pl-en">direction</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tau</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">ctrl</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(bool</span> <span class="pl-c1">&amp;</span> <span class="pl-en">ctrl_flag</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">true</span><span class="pl-c1">,</span> <span class="pl-c1">Continue</span>
+  <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">rw</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">tau</span> <span class="pl-c1">()</span>
+  <span class="pl-k">in</span>
+  <span class="pl-en">ctrl_rewrite</span> <span class="pl-en">d</span> <span class="pl-en">ctrl</span> <span class="pl-en">rw</span></pre></div>
+<h4>
+<a id="user-content-topdown_rewrite" class="anchor" href="#topdown_rewrite" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>topdown_rewrite</h4>
+<p><code>topdown_rewrite ctrl rw</code> is used to rewrite those sub-terms <code>t</code>
+of the goal on which <code>fst (ctrl t)</code> returns true.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">topdown_rewrite</span> <span class="pl-c1">(</span><span class="pl-en">ctrl</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(bool</span> * <span class="pl-c1">int))</span>
+                    <span class="pl-c1">(</span><span class="pl-en">rw</span><span class="pl-c1">:unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">ctrl'</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(bool</span> <span class="pl-c1">&amp;</span> <span class="pl-en">ctrl_flag</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+      <span class="pl-k">let</span> <span class="pl-en">b</span><span class="pl-c1">,</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">ctrl</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">f</span> <span class="pl-c1">=</span>
+        <span class="pl-k">match</span> <span class="pl-en">i</span> <span class="pl-k">with</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Continue</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">1</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Skip</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">2</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Abort</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>topdown_rewrite: bad value from ctrl<span class="pl-pds">"</span></span>
+      <span class="pl-k">in</span>
+      <span class="pl-en">b</span><span class="pl-c1">,</span> <span class="pl-en">f</span>
+    <span class="pl-k">in</span>
+    <span class="pl-en">ctrl_rewrite</span> <span class="pl-c1">TopDown</span> <span class="pl-en">ctrl'</span> <span class="pl-en">rw</span></pre></div>
+<p>On each such sub-term, <code>rw</code> is presented with an equality of goal
+of the form <code>Gamma |= t == ?u</code>. When <code>rw</code> proves the goal,
+the engine will rewrite <code>t</code> for <code>?u</code> in the original goal
+type.</p>
+<p>The goal formula is traversed top-down and the traversal can be
+controlled by <code>snd (ctrl t)</code>:</p>
+<p>When <code>snd (ctrl t) = 0</code>, the traversal continues down through the
+position in the goal term.</p>
+<p>When <code>snd (ctrl t) = 1</code>, the traversal continues to the next
+sub-tree of the goal.</p>
+<p>When <code>snd (ctrl t) = 2</code>, no more rewrites are performed in the
+goal.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">pointwise</span>  <span class="pl-c1">(</span><span class="pl-en">tau</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-en">t_pointwise</span> <span class="pl-c1">BottomUp</span> <span class="pl-en">tau</span>
+<span class="pl-k">let</span> <span class="pl-en">pointwise'</span> <span class="pl-c1">(</span><span class="pl-en">tau</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-en">t_pointwise</span> <span class="pl-c1">TopDown</span>  <span class="pl-en">tau</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">cur_module</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">name</span> <span class="pl-c1">=</span>
+    <span class="pl-en">moduleof</span> <span class="pl-c1">(</span><span class="pl-en">top_env</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">open_modules</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">name</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-en">env_open_modules</span> <span class="pl-c1">(</span><span class="pl-en">top_env</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">repeatn</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">if</span> <span class="pl-en">n</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">0</span>
+    <span class="pl-k">then</span> <span class="pl-c1">[]</span>
+    <span class="pl-k">else</span> <span class="pl-en">t</span> <span class="pl-c1">()</span> <span class="pl-c1">::</span> <span class="pl-en">repeatn</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fresh_uvar</span> <span class="pl-c1">(</span><span class="pl-en">o</span> <span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-en">typ</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">e</span> <span class="pl-c1">=</span> <span class="pl-en">cur_env</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">uvar_env</span> <span class="pl-en">e</span> <span class="pl-en">o</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">unify</span> <span class="pl-c1">(</span><span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">e</span> <span class="pl-c1">=</span> <span class="pl-en">cur_env</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">unify_env</span> <span class="pl-en">e</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">unify_guard</span> <span class="pl-c1">(</span><span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">e</span> <span class="pl-c1">=</span> <span class="pl-en">cur_env</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">unify_guard_env</span> <span class="pl-en">e</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">tmatch</span> <span class="pl-c1">(</span><span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">e</span> <span class="pl-c1">=</span> <span class="pl-en">cur_env</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">match_env</span> <span class="pl-en">e</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span></pre></div>
+<h4>
+<a id="user-content-divide" class="anchor" href="#divide" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>divide</h4>
+<p><code>divide n t1 t2</code> will split the current set of goals into the <code>n</code>
+first ones, and the rest. It then runs <code>t1</code> on the first set, and <code>t2</code>
+on the second, returning both results (and concatenating remaining goals).</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">divide</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">l</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> * <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">if</span> <span class="pl-en">n</span> &lt; <span class="pl-c1">0</span> <span class="pl-k">then</span>
+      <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>divide: negative n<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">gs</span><span class="pl-c1">,</span> <span class="pl-en">sgs</span> <span class="pl-c1">=</span> <span class="pl-en">goals</span> <span class="pl-c1">(),</span> <span class="pl-en">smt_goals</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">gs1</span><span class="pl-c1">,</span> <span class="pl-en">gs2</span> <span class="pl-c1">=</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">splitAt</span> <span class="pl-en">n</span> <span class="pl-en">gs</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">set_goals</span> <span class="pl-en">gs1</span><span class="pl-c1">;</span> <span class="pl-en">set_smt_goals</span> <span class="pl-c1">[];</span>
+<span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">l</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">gsl</span><span class="pl-c1">,</span> <span class="pl-en">sgsl</span> <span class="pl-c1">=</span> <span class="pl-en">goals</span> <span class="pl-c1">(),</span> <span class="pl-en">smt_goals</span> <span class="pl-c1">()</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">set_goals</span> <span class="pl-en">gs2</span><span class="pl-c1">;</span> <span class="pl-en">set_smt_goals</span> <span class="pl-c1">[];</span>
+<span class="pl-k">let</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">r</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">gsr</span><span class="pl-c1">,</span> <span class="pl-en">sgsr</span> <span class="pl-c1">=</span> <span class="pl-en">goals</span> <span class="pl-c1">(),</span> <span class="pl-en">smt_goals</span> <span class="pl-c1">()</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">set_goals</span> <span class="pl-c1">(</span><span class="pl-en">gsl</span> @ <span class="pl-en">gsr</span><span class="pl-c1">);</span> <span class="pl-en">set_smt_goals</span> <span class="pl-c1">(</span><span class="pl-en">sgs</span> @ <span class="pl-en">sgsl</span> @ <span class="pl-en">sgsr</span><span class="pl-c1">);</span>
+<span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">iseq</span> <span class="pl-c1">(</span><span class="pl-en">ts</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit))</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">ts</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-en">t</span><span class="pl-c1">::</span><span class="pl-en">ts</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">divide</span> <span class="pl-c1">1</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">iseq</span> <span class="pl-en">ts</span><span class="pl-c1">)</span> <span class="pl-k">in</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-focus" class="anchor" href="#focus" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>focus</h4>
+<p><code>focus t</code> runs <code>t ()</code> on the current active goal, hiding all others
+and restoring them at the end.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">goals</span> <span class="pl-c1">()</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>focus: no goals<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-en">g</span><span class="pl-c1">::</span><span class="pl-en">gs</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">sgs</span> <span class="pl-c1">=</span> <span class="pl-en">smt_goals</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+        <span class="pl-en">set_goals</span> <span class="pl-c1">[</span><span class="pl-en">g</span><span class="pl-c1">];</span> <span class="pl-en">set_smt_goals</span> <span class="pl-c1">[];</span>
+        <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">t</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+        <span class="pl-en">set_goals</span> <span class="pl-c1">(</span><span class="pl-en">goals</span> <span class="pl-c1">()</span> @ <span class="pl-en">gs</span><span class="pl-c1">);</span> <span class="pl-en">set_smt_goals</span> <span class="pl-c1">(</span><span class="pl-en">smt_goals</span> <span class="pl-c1">()</span> @ <span class="pl-en">sgs</span><span class="pl-c1">);</span>
+        <span class="pl-en">x</span></pre></div>
+<h4>
+<a id="user-content-dump1" class="anchor" href="#dump1" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>dump1</h4>
+<p>Similar to <code>dump</code>, but only dumping the current goal.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">dump1</span> <span class="pl-c1">(</span><span class="pl-en">m</span> <span class="pl-c1">:</span> <span class="pl-c1">string)</span> <span class="pl-c1">=</span> <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">dump</span> <span class="pl-en">m</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mapAll</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">goals</span> <span class="pl-c1">()</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">::</span><span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">divide</span> <span class="pl-c1">1</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">mapAll</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-k">in</span> <span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">iterAll</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span></pre></div>
+<p>Could use mapAll, but why even build that list</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">match</span> <span class="pl-en">goals</span> <span class="pl-c1">()</span> <span class="pl-k">with</span>
+<span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+<span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">::</span><span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">divide</span> <span class="pl-c1">1</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">iterAll</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-k">in</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">iterAllSMT</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">gs</span><span class="pl-c1">,</span> <span class="pl-en">sgs</span> <span class="pl-c1">=</span> <span class="pl-en">goals</span> <span class="pl-c1">(),</span> <span class="pl-en">smt_goals</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">set_goals</span> <span class="pl-en">sgs</span><span class="pl-c1">;</span>
+    <span class="pl-en">set_smt_goals</span> <span class="pl-c1">[];</span>
+    <span class="pl-en">iterAll</span> <span class="pl-en">t</span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">gs'</span><span class="pl-c1">,</span> <span class="pl-en">sgs'</span> <span class="pl-c1">=</span> <span class="pl-en">goals</span> <span class="pl-c1">(),</span> <span class="pl-en">smt_goals</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">set_goals</span> <span class="pl-en">gs</span><span class="pl-c1">;</span>
+    <span class="pl-en">set_smt_goals</span> <span class="pl-c1">(</span><span class="pl-en">gs'</span>@<span class="pl-en">sgs'</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-seq" class="anchor" href="#seq" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>seq</h4>
+<p>Runs tactic <code>t1</code> on the current goal, and then tactic <code>t2</code> on <em>each</em>
+subgoal produced by <code>t1</code>. Each invocation of <code>t2</code> runs on a proofstate
+with a single goal (they're "focused").</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">(</span><span class="pl-en">g</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-c1">();</span> <span class="pl-en">iterAll</span> <span class="pl-en">g</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">exact_args</span> <span class="pl-c1">(</span><span class="pl-en">qs</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">aqualv</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">length</span> <span class="pl-en">qs</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">uvs</span> <span class="pl-c1">=</span> <span class="pl-en">repeatn</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fresh_uvar</span> <span class="pl-c1">None</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">t'</span> <span class="pl-c1">=</span> <span class="pl-en">mk_app</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-en">zip</span> <span class="pl-en">uvs</span> <span class="pl-en">qs</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+        <span class="pl-en">exact</span> <span class="pl-en">t'</span><span class="pl-c1">;</span>
+        <span class="pl-en">iter</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">uv</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">is_uvar</span> <span class="pl-en">uv</span>
+                        <span class="pl-k">then</span> <span class="pl-en">unshelve</span> <span class="pl-en">uv</span>
+                        <span class="pl-k">else</span> <span class="pl-c1">())</span> <span class="pl-c1">(</span><span class="pl-smi">L.</span><span class="pl-en">rev</span> <span class="pl-en">uvs</span><span class="pl-c1">)</span>
+    <span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">exact_n</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">:</span> <span class="pl-c1">int)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">exact_args</span> <span class="pl-c1">(</span><span class="pl-en">repeatn</span> <span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">))</span> <span class="pl-en">t</span></pre></div>
+<h4>
+<a id="user-content-ngoals" class="anchor" href="#ngoals" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ngoals</h4>
+<p><code>ngoals ()</code> returns the number of goals</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ngoals</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">goals</span> <span class="pl-c1">())</span></pre></div>
+<h4>
+<a id="user-content-ngoals_smt" class="anchor" href="#ngoals_smt" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>ngoals_smt</h4>
+<p><code>ngoals_smt ()</code> returns the number of SMT goals</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ngoals_smt</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">length</span> <span class="pl-c1">(</span><span class="pl-en">smt_goals</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fresh_bv</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">bv</span> <span class="pl-c1">=</span></pre></div>
+<p>These bvs are fresh anyway through a separate counter,
+* but adding the integer allows for more readability when
+* generating code</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">fresh</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+<span class="pl-en">fresh_bv_named</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>x<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">string_of_int</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fresh_binder_named</span> <span class="pl-en">nm</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+    <span class="pl-en">mk_binder</span> <span class="pl-c1">(</span><span class="pl-en">fresh_bv_named</span> <span class="pl-en">nm</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fresh_binder</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span></pre></div>
+<p>See comment in fresh_bv</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">fresh</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+<span class="pl-en">fresh_binder_named</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>x<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">string_of_int</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fresh_implicit_binder_named</span> <span class="pl-en">nm</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+    <span class="pl-en">mk_implicit_binder</span> <span class="pl-c1">(</span><span class="pl-en">fresh_bv_named</span> <span class="pl-en">nm</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fresh_implicit_binder</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span></pre></div>
+<p>See comment in fresh_bv</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">fresh</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+<span class="pl-en">fresh_implicit_binder_named</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>x<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">string_of_int</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">guard</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-c1">bool)</span> <span class="pl-c1">:</span> <span class="pl-c1">TacH</span> <span class="pl-c1">unit</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+                                 <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">ps</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">b</span>
+                                                       <span class="pl-k">then</span> <span class="pl-c1">Success</span><span class="pl-c1">?</span> <span class="pl-en">r</span> <span class="pl-c1">/\</span> <span class="pl-c1">Success</span><span class="pl-c1">?.</span><span class="pl-en">ps</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">ps</span>
+                                                       <span class="pl-k">else</span> <span class="pl-c1">Failed</span><span class="pl-c1">?</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<p>^ the proofstate on failure is not exactly equal (has the psc set)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">=</span>
+<span class="pl-k">if</span> <span class="pl-en">not</span> <span class="pl-en">b</span> <span class="pl-k">then</span>
+    <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>guard failed<span class="pl-pds">"</span></span>
+<span class="pl-k">else</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">try_with</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">:</span> <span class="pl-en">exn</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">catch</span> <span class="pl-en">f</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Inl</span> <span class="pl-en">e</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h</span> <span class="pl-en">e</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Inr</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">trytac</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">try</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">())</span>
+    <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">or_else</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">t1</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t2</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+    <span class="pl-k">try</span> <span class="pl-en">t1</span> <span class="pl-c1">()</span>
+    <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t2</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-c1">(</span>&lt;<span class="pl-c1">|&gt;)</span> <span class="pl-c1">:</span> <span class="pl-c1">(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-c1">(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-c1">(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span>&lt;<span class="pl-c1">|&gt;)</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">or_else</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">first</span> <span class="pl-c1">(</span><span class="pl-en">ts</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span> <span class="pl-c1">=</span>
+    <span class="pl-smi">L.</span><span class="pl-en">fold_right</span> <span class="pl-c1">(</span>&lt;<span class="pl-c1">|&gt;)</span> <span class="pl-en">ts</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>no tactics to try<span class="pl-pds">"</span></span><span class="pl-c1">)</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">repeat</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">catch</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Inl</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Inr</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span> <span class="pl-c1">::</span> <span class="pl-en">repeat</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">repeat1</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-en">t</span> <span class="pl-c1">()</span> <span class="pl-c1">::</span> <span class="pl-en">repeat</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">repeat'</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">repeat</span> <span class="pl-en">f</span> <span class="pl-k">in</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">norm_term</span> <span class="pl-c1">(</span><span class="pl-en">s</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">norm_step</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">e</span> <span class="pl-c1">=</span>
+        <span class="pl-k">try</span> <span class="pl-en">cur_env</span> <span class="pl-c1">()</span>
+        <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">top_env</span> <span class="pl-c1">()</span>
+    <span class="pl-k">in</span>
+    <span class="pl-en">norm_term_env</span> <span class="pl-en">e</span> <span class="pl-en">s</span> <span class="pl-en">t</span></pre></div>
+<h4>
+<a id="user-content-join_all_smt_goals" class="anchor" href="#join_all_smt_goals" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>join_all_smt_goals</h4>
+<p>Join all of the SMT goals into one. This helps when all of them are
+expected to be similar, and therefore easier to prove at once by the SMT
+solver. TODO: would be nice to try to join them in a more meaningful
+way, as the order can matter.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">join_all_smt_goals</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">gs</span><span class="pl-c1">,</span> <span class="pl-en">sgs</span> <span class="pl-c1">=</span> <span class="pl-en">goals</span> <span class="pl-c1">(),</span> <span class="pl-en">smt_goals</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+  <span class="pl-en">set_smt_goals</span> <span class="pl-c1">[];</span>
+  <span class="pl-en">set_goals</span> <span class="pl-en">sgs</span><span class="pl-c1">;</span>
+  <span class="pl-en">repeat'</span> <span class="pl-en">join</span><span class="pl-c1">;</span>
+  <span class="pl-k">let</span> <span class="pl-en">sgs'</span> <span class="pl-c1">=</span> <span class="pl-en">goals</span> <span class="pl-c1">()</span> <span class="pl-k">in</span> <span class="pl-c">// should be a single one</span>
+  <span class="pl-en">set_goals</span> <span class="pl-en">gs</span><span class="pl-c1">;</span>
+  <span class="pl-en">set_smt_goals</span> <span class="pl-en">sgs'</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">discard</span> <span class="pl-c1">(</span><span class="pl-en">tau</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">tau</span> <span class="pl-c1">()</span> <span class="pl-k">in</span> <span class="pl-c1">()</span></pre></div>
+<p>TODO: do we want some value out of this?</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">repeatseq</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">trytac</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">discard</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">seq</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-en">discard</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">repeatseq</span> <span class="pl-en">t</span><span class="pl-c1">)))</span> <span class="pl-k">in</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">tadmit</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span> <span class="pl-en">tadmit_t</span> <span class="pl-c1">(`())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">admit1</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">tadmit</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">admit_all</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">repeat</span> <span class="pl-en">tadmit</span> <span class="pl-k">in</span>
+    <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-is_guard" class="anchor" href="#is_guard" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>is_guard</h4>
+<p><a href="#is_guard"><code>is_guard</code></a> returns whether the current goal arised from a typechecking guard</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">is_guard</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+    <span class="pl-smi">Tactics.Types.</span><span class="pl-en">is_guard</span> <span class="pl-c1">(</span><span class="pl-en">_cur_goal</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">skip_guard</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">if</span> <span class="pl-en">is_guard</span> <span class="pl-c1">()</span>
+    <span class="pl-k">then</span> <span class="pl-en">smt</span> <span class="pl-c1">()</span>
+    <span class="pl-k">else</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">guards_to_smt</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">repeat</span> <span class="pl-en">skip_guard</span> <span class="pl-k">in</span>
+    <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">simpl</span>   <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">simplify</span><span class="pl-c1">;</span> <span class="pl-en">primops</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">whnf</span>    <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">weak</span><span class="pl-c1">;</span> <span class="pl-en">hnf</span><span class="pl-c1">;</span> <span class="pl-en">primops</span><span class="pl-c1">;</span> <span class="pl-en">delta</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">compute</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">primops</span><span class="pl-c1">;</span> <span class="pl-en">iota</span><span class="pl-c1">;</span> <span class="pl-en">delta</span><span class="pl-c1">;</span> <span class="pl-en">zeta</span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">intros</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">repeat</span> <span class="pl-en">intro</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">intros'</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">intros</span> <span class="pl-c1">()</span> <span class="pl-k">in</span> <span class="pl-c1">()</span>
+<span class="pl-k">let</span> <span class="pl-en">destruct</span> <span class="pl-en">tm</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">t_destruct</span> <span class="pl-en">tm</span> <span class="pl-k">in</span> <span class="pl-c1">()</span>
+<span class="pl-k">let</span> <span class="pl-en">destruct_intros</span> <span class="pl-en">tm</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">t_destruct</span> <span class="pl-en">tm</span> <span class="pl-k">in</span> <span class="pl-c1">())</span> <span class="pl-en">intros'</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">__cut</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">__cut</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">tcut</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">tt</span> <span class="pl-c1">=</span> <span class="pl-en">mk_e_app</span> <span class="pl-c1">(`</span><span class="pl-en">__cut</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-en">t</span><span class="pl-c1">;</span> <span class="pl-en">g</span><span class="pl-c1">]</span> <span class="pl-k">in</span>
+    <span class="pl-en">apply</span> <span class="pl-en">tt</span><span class="pl-c1">;</span>
+    <span class="pl-en">intro</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">pose</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply</span> <span class="pl-c1">(`</span><span class="pl-en">__cut</span><span class="pl-c1">);</span>
+    <span class="pl-en">flip</span> <span class="pl-c1">();</span>
+    <span class="pl-en">exact</span> <span class="pl-en">t</span><span class="pl-c1">;</span>
+    <span class="pl-en">intro</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">intro_as</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:string)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">rename_to</span> <span class="pl-en">b</span> <span class="pl-en">s</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">pose_as</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:string)</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">pose</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+    <span class="pl-en">rename_to</span> <span class="pl-en">b</span> <span class="pl-en">s</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">for_each_binder</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-en">binder</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">cur_binders</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">revert_all</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">:</span><span class="pl-en">binders</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">bs</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">revert</span> <span class="pl-c1">();</span>
+               <span class="pl-en">revert_all</span> <span class="pl-en">tl</span></pre></div>
+<p>Some syntax utility functions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">bv_to_term</span> <span class="pl-c1">(</span><span class="pl-en">bv</span> <span class="pl-c1">:</span> <span class="pl-en">bv</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span> <span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Var</span> <span class="pl-en">bv</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">binder_to_term</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">bv</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_binder</span> <span class="pl-en">b</span> <span class="pl-k">in</span> <span class="pl-en">bv_to_term</span> <span class="pl-en">bv</span></pre></div>
+<p>Cannot define this inside <code>assumption</code> due to #1091</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">__assumption_aux</span> <span class="pl-c1">(</span><span class="pl-en">bs</span> <span class="pl-c1">:</span> <span class="pl-en">binders</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">bs</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>no assumption matches goal<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-en">b</span><span class="pl-c1">::</span><span class="pl-en">bs</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">t</span> <span class="pl-c1">=</span> <span class="pl-en">binder_to_term</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+        <span class="pl-k">try</span> <span class="pl-en">exact</span> <span class="pl-en">t</span> <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">try</span> <span class="pl-c1">(</span><span class="pl-en">apply</span> <span class="pl-c1">(`</span><span class="pl-smi">FStar.Squash.</span><span class="pl-en">return_squash</span><span class="pl-c1">);</span>
+             <span class="pl-en">exact</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">__assumption_aux</span> <span class="pl-en">bs</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">assumption</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">__assumption_aux</span> <span class="pl-c1">(</span><span class="pl-en">cur_binders</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">destruct_equality_implication</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-en">formula</span> * <span class="pl-en">term</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">term_as_formula</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Implies</span> <span class="pl-en">lhs</span> <span class="pl-en">rhs</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">lhs</span> <span class="pl-c1">=</span> <span class="pl-en">term_as_formula'</span> <span class="pl-en">lhs</span> <span class="pl-k">in</span>
+        <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">lhs</span> <span class="pl-k">with</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">lhs</span><span class="pl-c1">,</span> <span class="pl-en">rhs</span><span class="pl-c1">)</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+        <span class="pl-k">end</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">__eq_sym</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">FStar.PropositionalExtensionality.</span><span class="pl-en">apply</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">==</span><span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">==</span><span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-rewrite" class="anchor" href="#rewrite" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>rewrite'</h4>
+<p>Like <code>rewrite</code>, but works with equalities <code>v == e</code> and <code>e == v</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">rewrite'</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">((</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">rewrite</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+     &lt;<span class="pl-c1">|&gt;</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">binder_retype</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+                    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">__eq_sym</span><span class="pl-c1">);</span>
+                    <span class="pl-en">rewrite</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+     &lt;<span class="pl-c1">|&gt;</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>rewrite' failed<span class="pl-pds">"</span></span><span class="pl-c1">))</span>
+    <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">try_rewrite_equality</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">:</span><span class="pl-en">binders</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">bs</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">x_t</span><span class="pl-c1">::</span><span class="pl-en">bs</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">term_as_formula</span> <span class="pl-c1">(</span><span class="pl-en">type_of_binder</span> <span class="pl-en">x_t</span><span class="pl-c1">)</span> <span class="pl-k">with</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-en">y</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-k">if</span> <span class="pl-en">term_eq</span> <span class="pl-en">x</span> <span class="pl-en">y</span>
+            <span class="pl-k">then</span> <span class="pl-en">rewrite</span> <span class="pl-en">x_t</span>
+            <span class="pl-k">else</span> <span class="pl-en">try_rewrite_equality</span> <span class="pl-en">x</span> <span class="pl-en">bs</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-en">try_rewrite_equality</span> <span class="pl-en">x</span> <span class="pl-en">bs</span>
+        <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">rewrite_all_context_equalities</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">:</span><span class="pl-en">binders</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">bs</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-en">x_t</span><span class="pl-c1">::</span><span class="pl-en">bs</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">begin</span>
+        <span class="pl-c1">(</span><span class="pl-k">try</span> <span class="pl-en">rewrite</span> <span class="pl-en">x_t</span> <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">());</span>
+        <span class="pl-en">rewrite_all_context_equalities</span> <span class="pl-en">bs</span>
+    <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">rewrite_eqs_from_context</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">rewrite_all_context_equalities</span> <span class="pl-c1">(</span><span class="pl-en">cur_binders</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">rewrite_equality</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">try_rewrite_equality</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-en">cur_binders</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">unfold_def</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">implode_qn</span> <span class="pl-c1">(</span><span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+        <span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">delta_fully</span> <span class="pl-c1">[</span><span class="pl-en">n</span><span class="pl-c1">]]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>unfold_def: term is not a fv<span class="pl-pds">"</span></span></pre></div>
+<h4>
+<a id="user-content-l_to_r" class="anchor" href="#l_to_r" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>l_to_r</h4>
+<p>Rewrites left-to-right, and bottom-up, given a set of lemmas stating
+equalities. The lemmas need to prove <em>propositional</em> equalities, that
+is, using <code>==</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">l_to_r</span> <span class="pl-c1">(</span><span class="pl-en">lems</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">first_or_trefl</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+        <span class="pl-en">fold_left</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">k</span> <span class="pl-en">l</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+                    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply_lemma_rw</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+                    <span class="pl-c1">`</span><span class="pl-en">or_else</span><span class="pl-c1">`</span> <span class="pl-en">k</span><span class="pl-c1">)</span>
+                  <span class="pl-en">trefl</span> <span class="pl-en">lems</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">pointwise</span> <span class="pl-en">first_or_trefl</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mk_squash</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">sq</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span> <span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">squash_qn</span><span class="pl-c1">))</span> <span class="pl-k">in</span>
+    <span class="pl-en">mk_e_app</span> <span class="pl-en">sq</span> <span class="pl-c1">[</span><span class="pl-en">t</span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mk_sq_eq</span> <span class="pl-c1">(</span><span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span> <span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">eq2_qn</span><span class="pl-c1">))</span> <span class="pl-k">in</span>
+    <span class="pl-en">mk_squash</span> <span class="pl-c1">(</span><span class="pl-en">mk_e_app</span> <span class="pl-en">eq</span> <span class="pl-c1">[</span><span class="pl-en">t1</span><span class="pl-c1">;</span> <span class="pl-en">t2</span><span class="pl-c1">])</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">grewrite</span> <span class="pl-c1">(</span><span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">e</span> <span class="pl-c1">=</span> <span class="pl-en">tcut</span> <span class="pl-c1">(</span><span class="pl-en">mk_sq_eq</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">e</span> <span class="pl-c1">=</span> <span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Var</span> <span class="pl-c1">(</span><span class="pl-en">bv_of_binder</span> <span class="pl-en">e</span><span class="pl-c1">))</span> <span class="pl-k">in</span>
+    <span class="pl-en">pointwise</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">try</span> <span class="pl-en">exact</span> <span class="pl-en">e</span> <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">trefl</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">__un_sq_eq</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">_</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">==</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<h4>
+<a id="user-content-grewrite_eq" class="anchor" href="#grewrite_eq" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>grewrite_eq</h4>
+<p>A wrapper to <code>grewrite</code> which takes a binder of an equality type</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">grewrite_eq</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">term_as_formula</span> <span class="pl-c1">(</span><span class="pl-en">type_of_binder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">grewrite</span> <span class="pl-en">l</span> <span class="pl-en">r</span><span class="pl-c1">;</span>
+    <span class="pl-en">iseq</span> <span class="pl-c1">[</span><span class="pl-en">idtac</span><span class="pl-c1">;</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">exact</span> <span class="pl-c1">(</span><span class="pl-en">binder_to_term</span> <span class="pl-en">b</span><span class="pl-c1">))]</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">term_as_formula'</span> <span class="pl-c1">(</span><span class="pl-en">type_of_binder</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Comp</span> <span class="pl-c1">(</span><span class="pl-c1">Eq</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">grewrite</span> <span class="pl-en">l</span> <span class="pl-en">r</span><span class="pl-c1">;</span>
+      <span class="pl-en">iseq</span> <span class="pl-c1">[</span><span class="pl-en">idtac</span><span class="pl-c1">;</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">__un_sq_eq</span><span class="pl-c1">);</span>
+                              <span class="pl-en">exact</span> <span class="pl-c1">(</span><span class="pl-en">binder_to_term</span> <span class="pl-en">b</span><span class="pl-c1">))]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>grewrite_eq: binder type is not an equality<span class="pl-pds">"</span></span>
+    <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">push1</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span>
+                        <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                        <span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span>
+                        <span class="pl-k">squash</span> <span class="pl-en">q</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">push1</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-en">f</span> <span class="pl-en">u</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">push1'</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span>
+                         <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                         <span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span>
+                         <span class="pl-k">squash</span> <span class="pl-en">q</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">push1'</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-en">f</span> <span class="pl-en">u</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<ul>
+<li>Some easier applying, which should prevent frustation</li>
+<li>(or cause more when it doesn't do what you wanted to)</li>
+</ul>
+<p>Before anything, try a vanilla apply and apply_lemma</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">apply_squash_or_lem</span> <span class="pl-c1">:</span> <span class="pl-en">d</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">apply_squash_or_lem</span> <span class="pl-en">d</span> <span class="pl-en">t</span> <span class="pl-c1">=</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">try</span> <span class="pl-en">apply</span> <span class="pl-en">t</span> <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+<span class="pl-k">try</span> <span class="pl-en">apply</span> <span class="pl-c1">(`</span><span class="pl-smi">FStar.Squash.</span><span class="pl-en">return_squash</span><span class="pl-c1">);</span> <span class="pl-en">apply</span> <span class="pl-en">t</span> <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+<span class="pl-k">try</span> <span class="pl-en">apply_lemma</span> <span class="pl-en">t</span> <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span></pre></div>
+<p>Fuel cutoff, just in case.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">if</span> <span class="pl-en">d</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>mapply: out of fuel<span class="pl-pds">"</span></span> <span class="pl-k">else</span> <span class="pl-k">begin</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ty</span> <span class="pl-c1">=</span> <span class="pl-en">tc</span> <span class="pl-c1">(</span><span class="pl-en">cur_env</span> <span class="pl-c1">())</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">tys</span><span class="pl-c1">,</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">collect_arr</span> <span class="pl-en">ty</span> <span class="pl-k">in</span>
+<span class="pl-k">match</span> <span class="pl-en">inspect_comp</span> <span class="pl-en">c</span> <span class="pl-k">with</span>
+<span class="pl-c1">|</span> <span class="pl-c1">C_Lemma</span> <span class="pl-en">pre</span> <span class="pl-en">post</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+   <span class="pl-k">begin</span>
+   <span class="pl-k">let</span> <span class="pl-en">post</span> <span class="pl-c1">=</span> <span class="pl-c1">`((`#</span><span class="pl-en">post</span><span class="pl-c1">)</span> <span class="pl-c1">())</span> <span class="pl-k">in</span> <span class="pl-c"><span class="pl-c">(*</span> unthunk <span class="pl-c">*)</span></span>
+   <span class="pl-k">let</span> <span class="pl-en">post</span> <span class="pl-c1">=</span> <span class="pl-en">norm_term</span> <span class="pl-c1">[]</span> <span class="pl-en">post</span> <span class="pl-k">in</span></pre></div>
+<p>Is the lemma an implication? We can try to intro</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">match</span> <span class="pl-en">term_as_formula'</span> <span class="pl-en">post</span> <span class="pl-k">with</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Implies</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">push1</span><span class="pl-c1">);</span>
+    <span class="pl-en">apply_squash_or_lem</span> <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre>   <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>mapply: can't apply (1)<span class="pl-pds">"</span></span>
+   <span class="pl-en">end</span>
+<span class="pl-c1">|</span> <span class="pl-c1">C_Total</span> <span class="pl-en">rt</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+   <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">unsquash</span> <span class="pl-en">rt</span> <span class="pl-k">with</span></pre></div>
+<p>If the function returns a squash, just apply it, since our goals are squashed</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">rt</span> <span class="pl-c1">-&gt;</span></pre></div>
+<p>DUPLICATED, refactor!
+Is the lemma an implication? We can try to intro</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">begin</span>
+<span class="pl-k">let</span> <span class="pl-en">rt</span> <span class="pl-c1">=</span> <span class="pl-en">norm_term</span> <span class="pl-c1">[]</span> <span class="pl-en">rt</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">match</span> <span class="pl-en">term_as_formula'</span> <span class="pl-en">rt</span> <span class="pl-k">with</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Implies</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">push1</span><span class="pl-c1">);</span>
+    <span class="pl-en">apply_squash_or_lem</span> <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>mapply: can't apply (1)<span class="pl-pds">"</span></span>
+<span class="pl-en">end</span></pre></div>
+<p>If not, we can try to introduce the squash ourselves first</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span></pre></div>
+<p>DUPLICATED, refactor!
+Is the lemma an implication? We can try to intro</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">begin</span>
+<span class="pl-k">let</span> <span class="pl-en">rt</span> <span class="pl-c1">=</span> <span class="pl-en">norm_term</span> <span class="pl-c1">[]</span> <span class="pl-en">rt</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">match</span> <span class="pl-en">term_as_formula'</span> <span class="pl-en">rt</span> <span class="pl-k">with</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Implies</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">push1</span><span class="pl-c1">);</span>
+    <span class="pl-en">apply_squash_or_lem</span> <span class="pl-c1">(</span><span class="pl-en">d</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre>     <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-en">apply</span> <span class="pl-c1">(`</span><span class="pl-smi">FStar.Squash.</span><span class="pl-en">return_squash</span><span class="pl-c1">);</span>
+         <span class="pl-en">apply</span> <span class="pl-en">t</span>
+     <span class="pl-en">end</span>
+   <span class="pl-en">end</span>
+<span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>mapply: can't apply (2)<span class="pl-pds">"</span></span>
+<span class="pl-en">end</span></pre></div>
+<p><code>m</code> is for <code>magic</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mapply</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply_squash_or_lem</span> <span class="pl-c1">10</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">admit_dump_t</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-en">dump</span> <span class="pl-s"><span class="pl-pds">"</span>Admitting<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+  <span class="pl-en">apply</span> <span class="pl-c1">(`</span><span class="pl-k">admit</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">admit_dump</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#[</span><span class="pl-en">admit_dump_t</span> <span class="pl-c1">()]</span> <span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-c1">(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Admit</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Admit</span> <span class="pl-en">a</span>
+<span class="pl-k">let</span> <span class="pl-en">admit_dump</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">magic_dump_t</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-en">dump</span> <span class="pl-s"><span class="pl-pds">"</span>Admitting<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+  <span class="pl-en">apply</span> <span class="pl-c1">(`</span><span class="pl-en">magic</span><span class="pl-c1">);</span>
+  <span class="pl-en">exact</span> <span class="pl-c1">(`());</span>
+  <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">magic_dump</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#[</span><span class="pl-en">magic_dump_t</span> <span class="pl-c1">()]</span> <span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span>
+<span class="pl-k">let</span> <span class="pl-en">magic_dump</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">change_with</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">grewrite</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span><span class="pl-c1">;</span>
+        <span class="pl-en">iseq</span> <span class="pl-c1">[</span><span class="pl-en">idtac</span><span class="pl-c1">;</span> <span class="pl-en">trivial</span><span class="pl-c1">]</span>
+    <span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">change_sq</span> <span class="pl-c1">(</span><span class="pl-en">t1</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">change</span> <span class="pl-c1">(</span><span class="pl-en">mk_e_app</span> <span class="pl-c1">(`</span><span class="pl-k">squash</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-en">t1</span><span class="pl-c1">])</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">finish_by</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">t</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">or_else</span> <span class="pl-en">qed</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>finish_by: not finished<span class="pl-pds">"</span></span><span class="pl-c1">);</span>
+    <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">solve_then</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">t1</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t2</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+    <span class="pl-en">dup</span> <span class="pl-c1">();</span>
+    <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">finish_by</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">t2</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+    <span class="pl-en">trefl</span> <span class="pl-c1">();</span>
+    <span class="pl-en">y</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">add_elem</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span> <span class="pl-c1">=</span> <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply</span> <span class="pl-c1">(`</span><span class="pl-c1">Cons</span><span class="pl-c1">);</span>
+    <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">t</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+      <span class="pl-en">qed</span> <span class="pl-c1">();</span>
+      <span class="pl-en">x</span>
+    <span class="pl-c1">)</span>
+  <span class="pl-c1">)</span></pre></div>
+<ul>
+<li>
+<p>Specialize a function by partially evaluating it</p>
+</li>
+<li>
+<p>For example:</p>
+</li>
+<li>
+<p>let rec foo (l:list int) (x:int) :St int =
+match l with
+| `` -&gt; x
+| hd::tl -&gt; x + foo tl x</p>
+<p>let f :int -&gt; St int = synth_by_tactic (specialize (foo <code>1; 2</code>) <code>%</code>foo`)</p>
+</li>
+<li>
+<p>would make the definition of f as x + x + x</p>
+</li>
+<li>
+</li>
+<li>
+<p>f is the term that needs to be specialized</p>
+</li>
+<li>
+<p>l is the list of names to be delta-ed</p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">specialize</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-c1">string)</span> <span class="pl-c1">:unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span>
+  <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">solve_then</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">exact</span> <span class="pl-c1">(</span><span class="pl-en">quote</span> <span class="pl-en">f</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">delta_only</span> <span class="pl-en">l</span><span class="pl-c1">;</span> <span class="pl-en">iota</span><span class="pl-c1">;</span> <span class="pl-en">zeta</span><span class="pl-c1">])</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">tlabel</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:string)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">goals</span> <span class="pl-c1">()</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>tlabel: no goals<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">set_goals</span> <span class="pl-c1">(</span><span class="pl-en">set_label</span> <span class="pl-en">l</span> <span class="pl-en">h</span> <span class="pl-c1">::</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">tlabel'</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:string)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">goals</span> <span class="pl-c1">()</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>tlabel': no goals<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-en">h</span><span class="pl-c1">::</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">h</span> <span class="pl-c1">=</span> <span class="pl-en">set_label</span> <span class="pl-c1">(</span><span class="pl-en">l</span> <span class="pl-c1">^</span> <span class="pl-en">get_label</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-k">in</span>
+        <span class="pl-en">set_goals</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">::</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">focus_all</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">set_goals</span> <span class="pl-c1">(</span><span class="pl-en">goals</span> <span class="pl-c1">()</span> @ <span class="pl-en">smt_goals</span> <span class="pl-c1">());</span>
+    <span class="pl-en">set_smt_goals</span> <span class="pl-c1">[]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">extract_nth</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">l</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> * <span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">n</span><span class="pl-c1">,</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">0</span><span class="pl-c1">,</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">hd</span><span class="pl-c1">,</span> <span class="pl-en">tl</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">begin</span>
+    <span class="pl-k">match</span> <span class="pl-en">extract_nth</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">tl</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">hd'</span><span class="pl-c1">,</span> <span class="pl-en">tl'</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">hd'</span><span class="pl-c1">,</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl'</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+  <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">bump_nth</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span></pre></div>
+<p>n-1 since goal numbering begins at 1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">match</span> <span class="pl-en">extract_nth</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">goals</span> <span class="pl-c1">())</span> <span class="pl-k">with</span>
+<span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>bump_nth: not that many goals<span class="pl-pds">"</span></span>
+<span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">,</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">set_goals</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">::</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">on_sort_bv</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">xbv</span><span class="pl-c1">:</span><span class="pl-en">bv</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">bv</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">bvv</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_bv</span> <span class="pl-en">xbv</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">bvv</span> <span class="pl-c1">=</span> <span class="pl-c1">{</span> <span class="pl-en">bvv</span> <span class="pl-k">with</span> <span class="pl-en">bv_sort</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">bvv</span><span class="pl-c1">.</span><span class="pl-en">bv_sort</span> <span class="pl-c1">}</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">bv</span> <span class="pl-c1">=</span> <span class="pl-en">pack_bv</span> <span class="pl-en">bvv</span> <span class="pl-k">in</span>
+  <span class="pl-en">bv</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">on_sort_binder</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">bv</span><span class="pl-c1">,</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">,</span> <span class="pl-en">attrs</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_binder</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">bv</span> <span class="pl-c1">=</span> <span class="pl-en">on_sort_bv</span> <span class="pl-en">f</span> <span class="pl-en">bv</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">pack_binder</span> <span class="pl-en">bv</span> <span class="pl-en">q</span> <span class="pl-en">attrs</span> <span class="pl-k">in</span>
+  <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">visit_tm</span> <span class="pl-c1">(</span><span class="pl-en">ff</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">tv</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">tv'</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">tv</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tv</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Var</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">bv</span> <span class="pl-c1">=</span> <span class="pl-en">on_sort_bv</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">bv</span> <span class="pl-k">in</span>
+        <span class="pl-c1">Tv_Var</span> <span class="pl-en">bv</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Tv_BVar</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">bv</span> <span class="pl-c1">=</span> <span class="pl-en">on_sort_bv</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">bv</span> <span class="pl-k">in</span>
+    <span class="pl-c1">Tv_BVar</span> <span class="pl-en">bv</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre>    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Type</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tv_Type</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Const</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tv_Const</span> <span class="pl-en">c</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Uvar</span> <span class="pl-en">i</span> <span class="pl-en">u</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tv_Uvar</span> <span class="pl-en">i</span> <span class="pl-en">u</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Unknown</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tv_Unknown</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Arrow</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">on_sort_binder</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">visit_comp</span> <span class="pl-en">ff</span> <span class="pl-en">c</span> <span class="pl-k">in</span>
+        <span class="pl-c1">Tv_Arrow</span> <span class="pl-en">b</span> <span class="pl-en">c</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-en">b</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">on_sort_binder</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">t</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+        <span class="pl-c1">Tv_Abs</span> <span class="pl-en">b</span> <span class="pl-en">t</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-k">let</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">l</span> <span class="pl-k">in</span>
+         <span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+         <span class="pl-c1">Tv_App</span> <span class="pl-en">l</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">,</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Refine</span> <span class="pl-en">b</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">on_sort_bv</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+        <span class="pl-c1">Tv_Refine</span> <span class="pl-en">b</span> <span class="pl-en">r</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Let</span> <span class="pl-en">r</span> <span class="pl-en">attrs</span> <span class="pl-en">b</span> <span class="pl-en">def</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">on_sort_bv</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">def</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">def</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">t</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+        <span class="pl-c1">Tv_Let</span> <span class="pl-en">r</span> <span class="pl-en">attrs</span> <span class="pl-en">b</span> <span class="pl-en">def</span> <span class="pl-en">t</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Match</span> <span class="pl-en">sc</span> <span class="pl-en">ret_opt</span> <span class="pl-en">brs</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">sc</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">sc</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">ret_opt</span> <span class="pl-c1">=</span> <span class="pl-en">map_opt</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">ret</span> <span class="pl-c1">-&gt;</span>
+          <span class="pl-k">match</span> <span class="pl-en">ret</span> <span class="pl-k">with</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">Inl</span> <span class="pl-en">t</span><span class="pl-c1">,</span> <span class="pl-en">tacopt</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Inl</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">t</span><span class="pl-c1">),</span> <span class="pl-en">map_opt</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">tacopt</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">Inr</span> <span class="pl-en">c</span><span class="pl-c1">,</span> <span class="pl-en">tacopt</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Inr</span> <span class="pl-c1">(</span><span class="pl-en">visit_comp</span> <span class="pl-en">ff</span> <span class="pl-en">c</span><span class="pl-c1">),</span> <span class="pl-en">map_opt</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">tacopt</span><span class="pl-c1">)</span> <span class="pl-en">ret_opt</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">brs</span> <span class="pl-c1">=</span> <span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-en">visit_br</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">brs</span> <span class="pl-k">in</span>
+        <span class="pl-c1">Tv_Match</span> <span class="pl-en">sc</span> <span class="pl-en">ret_opt</span> <span class="pl-en">brs</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_AscribedT</span> <span class="pl-en">e</span> <span class="pl-en">t</span> <span class="pl-en">topt</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">e</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">e</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">t</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+        <span class="pl-c1">Tv_AscribedT</span> <span class="pl-en">e</span> <span class="pl-en">t</span> <span class="pl-en">topt</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_AscribedC</span> <span class="pl-en">e</span> <span class="pl-en">c</span> <span class="pl-en">topt</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">e</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">e</span> <span class="pl-k">in</span>
+        <span class="pl-c1">Tv_AscribedC</span> <span class="pl-en">e</span> <span class="pl-en">c</span> <span class="pl-en">topt</span>
+  <span class="pl-k">in</span>
+  <span class="pl-en">ff</span> <span class="pl-c1">(</span><span class="pl-en">pack_ln</span> <span class="pl-en">tv'</span><span class="pl-c1">)</span>
+<span class="pl-k">and</span> <span class="pl-en">visit_br</span> <span class="pl-c1">(</span><span class="pl-en">ff</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">branch</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">branch</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">,</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-en">visit_pat</span> <span class="pl-en">ff</span> <span class="pl-en">p</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">t</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+  <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">,</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+<span class="pl-k">and</span> <span class="pl-en">visit_pat</span> <span class="pl-c1">(</span><span class="pl-en">ff</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pattern</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">pattern</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">p</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pat_Constant</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pat_Cons</span> <span class="pl-en">fv</span> <span class="pl-en">l</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-k">fun</span><span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">,</span><span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">visit_pat</span> <span class="pl-en">ff</span> <span class="pl-en">p</span><span class="pl-c1">,</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+      <span class="pl-c1">Pat_Cons</span> <span class="pl-en">fv</span> <span class="pl-en">l</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pat_Var</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-en">bv</span> <span class="pl-c1">=</span> <span class="pl-en">on_sort_bv</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">bv</span> <span class="pl-k">in</span>
+      <span class="pl-c1">Pat_Var</span> <span class="pl-en">bv</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pat_Wild</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-en">bv</span> <span class="pl-c1">=</span> <span class="pl-en">on_sort_bv</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">bv</span> <span class="pl-k">in</span>
+      <span class="pl-c1">Pat_Wild</span> <span class="pl-en">bv</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Pat_Dot_Term</span> <span class="pl-en">bv</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-en">bv</span> <span class="pl-c1">=</span> <span class="pl-en">on_sort_bv</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">bv</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">term</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">term</span> <span class="pl-k">in</span>
+      <span class="pl-c1">Pat_Dot_Term</span> <span class="pl-en">bv</span> <span class="pl-en">term</span>
+<span class="pl-k">and</span> <span class="pl-en">visit_comp</span> <span class="pl-c1">(</span><span class="pl-en">ff</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">:</span> <span class="pl-en">comp</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">comp</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">cv</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_comp</span> <span class="pl-en">c</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">cv'</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">cv</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Total</span> <span class="pl-en">ret</span> <span class="pl-en">decr</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">ret</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">ret</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">decr</span> <span class="pl-c1">=</span> <span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">decr</span> <span class="pl-k">in</span>
+        <span class="pl-c1">C_Total</span> <span class="pl-en">ret</span> <span class="pl-en">decr</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">C_GTotal</span> <span class="pl-en">ret</span> <span class="pl-en">decr</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">ret</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">ret</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">decr</span> <span class="pl-c1">=</span> <span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span><span class="pl-c1">)</span> <span class="pl-en">decr</span> <span class="pl-k">in</span>
+    <span class="pl-c1">C_GTotal</span> <span class="pl-en">ret</span> <span class="pl-en">decr</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">C_Lemma</span> <span class="pl-en">pre</span> <span class="pl-en">post</span> <span class="pl-en">pats</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">pre</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">pre</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">post</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">post</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">pats</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">pats</span> <span class="pl-k">in</span>
+    <span class="pl-c1">C_Lemma</span> <span class="pl-en">pre</span> <span class="pl-en">post</span> <span class="pl-en">pats</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre>  <span class="pl-c1">|</span> <span class="pl-c1">C_Eff</span> <span class="pl-en">us</span> <span class="pl-en">eff</span> <span class="pl-en">res</span> <span class="pl-en">args</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-en">res</span> <span class="pl-c1">=</span> <span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">res</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">args</span> <span class="pl-c1">=</span> <span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">,</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">a</span><span class="pl-c1">,</span> <span class="pl-en">q</span><span class="pl-c1">))</span> <span class="pl-en">args</span> <span class="pl-k">in</span>
+      <span class="pl-c1">C_Eff</span> <span class="pl-en">us</span> <span class="pl-en">eff</span> <span class="pl-en">res</span> <span class="pl-en">args</span>
+<span class="pl-k">in</span>
+<span class="pl-en">pack_comp</span> <span class="pl-en">cv'</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">destruct_list</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">head</span><span class="pl-c1">,</span> <span class="pl-en">args</span> <span class="pl-c1">=</span> <span class="pl-en">collect_app</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">head</span><span class="pl-c1">,</span> <span class="pl-en">args</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">[(</span><span class="pl-en">a1</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">a2</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">[(</span><span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Implicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">a1</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">a2</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">if</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-c1">=</span> <span class="pl-en">cons_qn</span>
+      <span class="pl-k">then</span> <span class="pl-en">a1</span> <span class="pl-c1">::</span> <span class="pl-en">destruct_list</span> <span class="pl-en">a2</span>
+      <span class="pl-k">else</span> <span class="pl-en">raise</span> <span class="pl-c1">NotAListLiteral</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">,</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">if</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-c1">=</span> <span class="pl-en">nil_qn</span>
+      <span class="pl-k">then</span> <span class="pl-c1">[]</span>
+      <span class="pl-k">else</span> <span class="pl-en">raise</span> <span class="pl-c1">NotAListLiteral</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">raise</span> <span class="pl-c1">NotAListLiteral</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">get_match_body</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-smi">FStar.Reflection.Formula.</span><span class="pl-en">unsquash</span> <span class="pl-c1">(</span><span class="pl-en">cur_goal</span> <span class="pl-c1">())</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+             <span class="pl-c1">|</span> <span class="pl-c1">Tv_Match</span> <span class="pl-en">sc</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">sc</span>
+             <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>Goal is not a match<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">last</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>last: empty list<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-en">x</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">::</span><span class="pl-en">xs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">last</span> <span class="pl-en">xs</span></pre></div>
+<h4>
+<a id="user-content-branch_on_match" class="anchor" href="#branch_on_match" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>branch_on_match</h4>
+<p>When the goal is <code>match e with | p1 -&gt; e1 ... | pn -&gt; en</code>,
+destruct it into <code>n</code> goals for each possible case, including an
+hypothesis for <code>e</code> matching the correposnding pattern.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">branch_on_match</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">get_match_body</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">t_destruct</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+      <span class="pl-en">iterAll</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">bs</span> <span class="pl-c1">=</span> <span class="pl-en">repeat</span> <span class="pl-en">intro</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">last</span> <span class="pl-en">bs</span> <span class="pl-k">in</span> <span class="pl-c"><span class="pl-c">(*</span> this one is the equality <span class="pl-c">*)</span></span>
+        <span class="pl-en">grewrite_eq</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+        <span class="pl-en">norm</span> <span class="pl-c1">[</span><span class="pl-en">iota</span><span class="pl-c1">])</span>
+    <span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-nth_binder" class="anchor" href="#nth_binder" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>nth_binder</h4>
+<p>When the argument <code>i</code> is non-negative, <a href="#nth_binder"><code>nth_binder</code></a> grabs the nth
+binder in the current goal. When it is negative, it grabs the (-i-1)th
+binder counting from the end of the goal. That is, <code>nth_binder (-1)</code>
+will return the last binder, <code>nth_binder (-2)</code> the second to last, and
+so on.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">nth_binder</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">bs</span> <span class="pl-c1">=</span> <span class="pl-en">cur_binders</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">k</span> <span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">i</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-en">i</span> <span class="pl-k">else</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">length</span> <span class="pl-en">bs</span> <span class="pl-c1">+</span> <span class="pl-en">i</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">k</span> <span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">=</span> <span class="pl-k">if</span> <span class="pl-en">k</span> &lt; <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>not enough binders<span class="pl-pds">"</span></span> <span class="pl-k">else</span> <span class="pl-en">k</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">nth</span> <span class="pl-en">bs</span> <span class="pl-en">k</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>not enough binders<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">exception</span> <span class="pl-c1">Appears</span></pre></div>
+<h4>
+<a id="user-content-name_appears_in" class="anchor" href="#name_appears_in" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>name_appears_in</h4>
+<p>Decides whether a top-level name <code>nm</code> syntactically
+appears in the term <code>t</code>.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">name_appears_in</span> <span class="pl-c1">(</span><span class="pl-en">nm</span><span class="pl-c1">:</span><span class="pl-en">name</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">ff</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">if</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-c1">=</span> <span class="pl-en">nm</span> <span class="pl-k">then</span>
+        <span class="pl-en">raise</span> <span class="pl-c1">Appears</span><span class="pl-c1">;</span>
+      <span class="pl-en">t</span>
+    <span class="pl-c1">|</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span>
+  <span class="pl-k">in</span>
+  <span class="pl-k">try</span> <span class="pl-en">ignore</span> <span class="pl-c1">(</span><span class="pl-en">visit_tm</span> <span class="pl-en">ff</span> <span class="pl-en">t</span><span class="pl-c1">);</span> <span class="pl-c1">false</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Appears</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+  <span class="pl-c1">|</span> <span class="pl-en">e</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">raise</span> <span class="pl-en">e</span></pre></div>
+<h4>
+<a id="user-content-mk_abs" class="anchor" href="#mk_abs" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mk_abs</h4>
+<p><code>mk_abs </code>x1; ...; xn<code> t</code> returns the term <code>fun x1 ... xn -&gt; t</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mk_abs</span> <span class="pl-c1">(</span><span class="pl-en">args</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">args</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">args</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span> <span class="pl-c1">::</span> <span class="pl-en">args'</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">t'</span> <span class="pl-c1">=</span> <span class="pl-en">mk_abs</span> <span class="pl-en">args'</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+    <span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Abs</span> <span class="pl-en">a</span> <span class="pl-en">t'</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.Effect.html b/docs/FStar.Tactics.Effect.html
index 4dc1b26..3acb585 100644
--- a/docs/FStar.Tactics.Effect.html
+++ b/docs/FStar.Tactics.Effect.html
@@ -1,16 +1,169 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.Effect</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.effect">module FStar.Tactics.Effect</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartacticseffect" class="anchor" href="#fstartacticseffect" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.Effect</h1>
+<ul>
+<li>Opens module <a href="FStar.Reflection.Types.html">FStar.Reflection.Types</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Types.html">FStar.Tactics.Types</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Result.html">FStar.Tactics.Result</a>
+</li>
+</ul>
+<p>This module is extracted, don't add any <code>assume val</code>s or extraction</p>
+<ul>
+<li>will break. (<code>synth_by_tactic</code> is fine)</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">__tac</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">proofstate</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">M</span> <span class="pl-c1">(</span><span class="pl-en">__result</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<p>monadic return</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">__ret</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">__tac</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">proofstate</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Success</span> <span class="pl-en">x</span> <span class="pl-en">s</span></pre></div>
+<p>monadic bind</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">__bind</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r1</span> <span class="pl-en">r2</span><span class="pl-c1">:</span><span class="pl-en">range</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t1</span><span class="pl-c1">:</span><span class="pl-en">__tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t2</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">__tac</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">__tac</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+    <span class="pl-k">fun</span> <span class="pl-en">ps</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">ps</span> <span class="pl-c1">=</span> <span class="pl-en">set_proofstate_range</span> <span class="pl-en">ps</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Range.</span><span class="pl-en">prims_to_fstar_range</span> <span class="pl-en">r1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">ps</span> <span class="pl-c1">=</span> <span class="pl-en">incr_depth</span> <span class="pl-en">ps</span> <span class="pl-k">in</span>
+        <span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">t1</span> <span class="pl-en">ps</span> <span class="pl-k">in</span>
+        <span class="pl-k">match</span> <span class="pl-en">r</span> <span class="pl-k">with</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-en">a</span> <span class="pl-en">ps'</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-k">let</span> <span class="pl-en">ps'</span> <span class="pl-c1">=</span> <span class="pl-en">set_proofstate_range</span> <span class="pl-en">ps'</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Range.</span><span class="pl-en">prims_to_fstar_range</span> <span class="pl-en">r2</span><span class="pl-c1">)</span> <span class="pl-k">in</span></pre></div>
+<p>Force evaluation of __tracepoint q even on the interpreter</p>
+<div class="highlight highlight-source-fstar"><pre>    <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">tracepoint</span> <span class="pl-en">ps'</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">true</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t2</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">decr_depth</span> <span class="pl-en">ps'</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Failed</span> <span class="pl-en">e</span> <span class="pl-en">ps'</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Failed</span> <span class="pl-en">e</span> <span class="pl-en">ps'</span></pre></div>
+<p>Actions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">__get</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-en">__tac</span> <span class="pl-en">proofstate</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">s0</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Success</span> <span class="pl-en">s0</span> <span class="pl-en">s0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">__raise</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:</span><span class="pl-en">exn</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">__tac</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">ps</span><span class="pl-c1">:</span><span class="pl-en">proofstate</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Failed</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">e</span> <span class="pl-en">ps</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">__tac_wp</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">proofstate</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">__result</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0</span></pre></div>
+<p>The DMFF-generated <code>bind_wp</code> doesn't the contain the "don't</p>
+<ul>
+<li>duplicate the post-condition" optimization, which causes VCs (for</li>
+<li>well-formedness of tactics) to blow up.</li>
+<li>
+</li>
+<li>Plus, we don't need to model the ranges and depths: they make no</li>
+<li>difference since the proofstate type is abstract and the SMT never</li>
+<li>sees a concrete one.</li>
+<li>
+</li>
+<li>So, override <code>bind_wp</code> for the effect with an efficient one.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">g_bind</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">__tac_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">__tac_wp</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-k">fun</span> <span class="pl-en">ps</span> <span class="pl-en">post</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">wp</span> <span class="pl-en">ps</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">m'</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">match</span> <span class="pl-en">m'</span> <span class="pl-k">with</span>
+                     <span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-en">a</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">a</span> <span class="pl-en">q</span> <span class="pl-en">post</span>
+                     <span class="pl-c1">|</span> <span class="pl-c1">Failed</span> <span class="pl-en">e</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">post</span> <span class="pl-c1">(</span><span class="pl-c1">Failed</span> <span class="pl-en">e</span> <span class="pl-en">q</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">g_compact</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">__tac_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">__tac_wp</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+    <span class="pl-k">fun</span> <span class="pl-en">ps</span> <span class="pl-en">post</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">forall</span> <span class="pl-en">k</span><span class="pl-c1">.</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">__result</span> <span class="pl-en">a</span><span class="pl-c1">).{:pattern</span> <span class="pl-c1">(</span><span class="pl-en">guard_free</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-en">r</span><span class="pl-c1">))}</span> <span class="pl-en">post</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">k</span> <span class="pl-en">r</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">wp</span> <span class="pl-en">ps</span> <span class="pl-en">k</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">__TAC_eff_override_bind_wp</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">__tac_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">__tac_wp</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-en">g_compact</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">g_bind</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-en">wp</span> <span class="pl-en">f</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">dm4f_bind_range</span> <span class="pl-c1">]</span>
+<span class="pl-k">new_effect</span> <span class="pl-c1">{</span>
+  <span class="pl-c1">TAC</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Effect</span>
+  <span class="pl-k">with</span> <span class="pl-en">repr</span>     <span class="pl-c1">=</span> <span class="pl-en">__tac</span>
+     <span class="pl-c1">;</span> <span class="pl-en">bind</span>     <span class="pl-c1">=</span> <span class="pl-en">__bind</span>
+     <span class="pl-c1">;</span> <span class="pl-en">return</span>   <span class="pl-c1">=</span> <span class="pl-en">__ret</span>
+     <span class="pl-c1">;</span> <span class="pl-en">__raise</span>  <span class="pl-c1">=</span> <span class="pl-en">__raise</span>
+     <span class="pl-c1">;</span> <span class="pl-en">__get</span>    <span class="pl-c1">=</span> <span class="pl-en">__get</span>
+<span class="pl-c1">}</span></pre></div>
+<p>Hoare variant</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">TacH</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">pre</span> <span class="pl-c1">:</span> <span class="pl-en">proofstate</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(</span><span class="pl-en">post</span> <span class="pl-c1">:</span> <span class="pl-en">proofstate</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">__result</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">TAC</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">ps</span> <span class="pl-en">post'</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pre</span> <span class="pl-en">ps</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">r</span><span class="pl-c1">.</span> <span class="pl-en">post</span> <span class="pl-en">ps</span> <span class="pl-en">r</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">post'</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<p>"Total" variant</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-c1">TacH</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span></pre></div>
+<p>Metaprograms that succeed</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">TacS</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-c1">TacH</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">_ps</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Success</span><span class="pl-c1">?</span> <span class="pl-en">r</span><span class="pl-c1">))</span></pre></div>
+<p>A variant that doesn't prove totality (nor type safety!)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">effect</span> <span class="pl-c1">TacF</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-c1">TacH</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">False</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">lift_div_tac</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">wp</span><span class="pl-c1">:</span><span class="pl-en">pure_wp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">__tac_wp</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+    <span class="pl-k">fun</span> <span class="pl-en">ps</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">wp</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-c1">(</span><span class="pl-c1">Success</span> <span class="pl-en">x</span> <span class="pl-en">ps</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">sub_effect</span> <span class="pl-c1">DIV</span> <span class="pl-c1">~&gt;</span> <span class="pl-c1">TAC</span> <span class="pl-c1">=</span> <span class="pl-en">lift_div_tac</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">get</span> <span class="pl-c1">=</span> <span class="pl-c1">TAC</span><span class="pl-c1">?.</span><span class="pl-en">__get</span>
+<span class="pl-k">let</span> <span class="pl-en">raise</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:</span><span class="pl-en">exn</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">TAC</span><span class="pl-c1">?.</span><span class="pl-en">__raise</span> <span class="pl-en">a</span> <span class="pl-en">e</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">with_tactic</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span></pre></div>
+<p>This syntactic marker will generate a goal of the shape x == ?u for</p>
+<ul>
+<li>a new unification variable ?u, and run tactic <code>t</code> to solve this goal.</li>
+<li>If after running <code>t</code>, the uvar was solved and only trivial goals remain</li>
+<li>in the proofstate, then <code>rewrite_with_tactic t x</code> will be replaced</li>
+<li>by the solution of ?u</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rewrite_with_tactic</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">a</span></pre></div>
+<p>This will run the tactic in order to (try to) produce a term of type</p>
+<ul>
+<li>t. Note that the type looks dangerous from a logical perspective. It</li>
+<li>should not lead to any inconsistency, however, as any time this term</li>
+<li>appears during typechecking, it is forced to be fully applied and the</li>
+<li>tactic is run. A failure of the tactic is a typechecking failure. It</li>
+<li>can be thought as a language construct, and not a real function.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">synth_by_tactic</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">t</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">assert_by_tactic</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">unit</span>
+         <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">set_range_of</span> <span class="pl-c1">(</span><span class="pl-en">with_tactic</span> <span class="pl-en">t</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">p</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">range_of</span> <span class="pl-en">t</span><span class="pl-c1">)))</span>
+         <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">))</span></pre></div>
+<p>We don't peel off all <code>with_tactic</code>s in negative positions, so give</p>
+<ul>
+<li>the SMT a way to reason about them</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">by_tactic_seman</span> <span class="pl-c1">:</span> <span class="pl-en">tau</span><span class="pl-c1">:(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">phi</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">with_tactic</span> <span class="pl-en">tau</span> <span class="pl-en">phi</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">phi</span><span class="pl-c1">)</span>
+                                                                  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">with_tactic</span> <span class="pl-en">tau</span> <span class="pl-en">phi</span><span class="pl-c1">)]</span></pre></div>
+<p>One can always bypass the well-formedness of metaprograms. It does</p>
+<ul>
+<li>not matter as they are only run at typechecking time, and if they get</li>
+<li>stuck, the compiler will simply raise an error.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">assume_safe</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">tau</span><span class="pl-c1">:unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">TacF</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-k">admit</span> <span class="pl-c1">();</span> <span class="pl-en">tau</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">tac</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">b</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">tactic</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">tac</span> <span class="pl-c1">unit</span> <span class="pl-en">a</span></pre></div>
+<p>A hook to preprocess a definition before it is typechecked and</p>
+<ul>
+<li>elaborated. This attribute should be used for top-level lets. The</li>
+<li>tactic <code>tau</code> will be called on a quoting of the definition of the let</li>
+<li>(if many, once for each) and the result of the tactic will replace</li>
+<li>the definition. There are no goals involved, nor any proof obligation</li>
+<li>to be done by the tactic.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">preprocess_with</span> <span class="pl-c1">(</span><span class="pl-en">tau</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">unit</span></pre></div>
+<p>A hook to postprocess a definition, after typechecking, and rewrite</p>
+<ul>
+<li>it into a (provably equal) shape chosen by the user. This can be used</li>
+<li>to implement custom transformations previous to extraction, such as</li>
+<li>selective inlining. When ran added to a definition <code>let x = E</code>, the</li>
+<li>
+<code>tau</code> metaprogram is presented with a goal of the shape <code>E == ?u</code> for</li>
+<li>a fresh uvar <code>?u</code>. The metaprogram should then both instantiate <code>?u</code>
+</li>
+<li>and prove the equality.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">postprocess_with</span> <span class="pl-c1">(</span><span class="pl-en">tau</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">unit</span></pre></div>
+<p>Similar semantics to <code>postprocess_with</code>, but the metaprogram only</p>
+<ul>
+<li>runs before extraction, and hence typechecking and the logical</li>
+<li>environment should not be affected at all.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">postprocess_for_extraction_with</span> <span class="pl-c1">(</span><span class="pl-en">tau</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">unit</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--no_tactics</span>"</pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unfold_with_tactic</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">with_tactic</span> <span class="pl-en">t</span> <span class="pl-en">p</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">unfold_rewrite_with_tactic</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">rewrite_with_tactic</span> <span class="pl-en">t</span> <span class="pl-en">p</span> <span class="pl-c1">==</span> <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.Logic.html b/docs/FStar.Tactics.Logic.html
index 87208c0..bff848e 100644
--- a/docs/FStar.Tactics.Logic.html
+++ b/docs/FStar.Tactics.Logic.html
@@ -1,16 +1,266 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.Logic</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.logic">module FStar.Tactics.Logic</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartacticslogic" class="anchor" href="#fstartacticslogic" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.Logic</h1>
+<ul>
+<li>Opens module <a href="FStar.Tactics.Effect.html">FStar.Tactics.Effect</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Builtins.html">FStar.Tactics.Builtins</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Derived.html">FStar.Tactics.Derived</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Util.html">FStar.Tactics.Util</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.html">FStar.Reflection</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Formula.html">FStar.Reflection.Formula</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">cur_formula</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">formula</span> <span class="pl-c1">=</span> <span class="pl-en">term_as_formula</span> <span class="pl-c1">(</span><span class="pl-en">cur_goal</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">revert_squash</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">-&gt;</span>
+                            <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+                            <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">revert_squash</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-en">s</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">:unit{</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">})</span> <span class="pl-c1">=</span> <span class="pl-en">s</span> <span class="pl-k">in</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">l_revert</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">revert</span> <span class="pl-c1">();</span>
+    <span class="pl-en">apply</span> <span class="pl-c1">(`</span><span class="pl-en">revert_squash</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">l_revert_all</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">:</span><span class="pl-en">binders</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">bs</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span>    <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">begin</span> <span class="pl-en">l_revert</span> <span class="pl-c1">();</span> <span class="pl-en">l_revert_all</span> <span class="pl-en">tl</span> <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">fa_intro_lem</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">FStar.Classical.</span><span class="pl-en">lemma_forall_intro_gtot</span>
+    <span class="pl-c1">((</span><span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.IndefiniteDescription.</span><span class="pl-en">elim_squash</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">&lt;:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">forall_intro</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">fa_intro_lem</span><span class="pl-c1">);</span>
+    <span class="pl-en">intro</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">forall_intro_as</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:string)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">fa_intro_lem</span><span class="pl-c1">);</span>
+    <span class="pl-en">intro_as</span> <span class="pl-en">s</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">forall_intros</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binders</span> <span class="pl-c1">=</span> <span class="pl-en">repeat1</span> <span class="pl-en">forall_intro</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">split_lem</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span>
+                        <span class="pl-k">squash</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">split_lem</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-en">sa</span> <span class="pl-en">sb</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">split</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">try</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">split_lem</span><span class="pl-c1">)</span>
+    <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>Could not split goal<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">imp_intro_lem</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">b</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">-&gt;</span>
+                            <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                            <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">imp_intro_lem</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-en">f</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">FStar.Classical.</span><span class="pl-en">give_witness</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Classical.</span><span class="pl-en">arrow_to_impl</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Squash.</span><span class="pl-en">bind_squash</span> <span class="pl-en">x</span> <span class="pl-en">f</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">implies_intro</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">imp_intro_lem</span><span class="pl-c1">);</span>
+    <span class="pl-en">intro</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">implies_intros</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binders</span> <span class="pl-c1">=</span> <span class="pl-en">repeat1</span> <span class="pl-en">implies_intro</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">l_intro</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span> <span class="pl-en">forall_intro</span> <span class="pl-c1">`</span><span class="pl-en">or_else</span><span class="pl-c1">`</span> <span class="pl-en">implies_intro</span>
+<span class="pl-k">let</span> <span class="pl-en">l_intros</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span> <span class="pl-en">repeat</span> <span class="pl-en">l_intro</span></pre></div>
+<p>This should be next to mapply... bring mapply here?</p>
+<ul>
+<li>Or make a separate module?</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mintro</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+    <span class="pl-en">first</span> <span class="pl-c1">[</span><span class="pl-en">intro</span><span class="pl-c1">;</span> <span class="pl-en">implies_intro</span><span class="pl-c1">;</span> <span class="pl-en">forall_intro</span><span class="pl-c1">;</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>cannot intro<span class="pl-pds">"</span></span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mintros</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-en">repeat</span> <span class="pl-en">mintro</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">squash_intro</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply</span> <span class="pl-c1">(`</span><span class="pl-smi">FStar.Squash.</span><span class="pl-en">return_squash</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">l_exact</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">try</span> <span class="pl-en">exact</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">squash_intro</span> <span class="pl-c1">();</span> <span class="pl-en">exact</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">hyp</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-en">l_exact</span> <span class="pl-c1">(</span><span class="pl-en">binder_to_term</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">__lemma_to_squash</span> <span class="pl-c1">#</span><span class="pl-en">req</span> <span class="pl-c1">#</span><span class="pl-en">ens</span> <span class="pl-c1">(</span><span class="pl-c1">_</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-en">req</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">:</span> <span class="pl-c1">(unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">req</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">ens</span><span class="pl-c1">)))</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-en">ens</span> <span class="pl-c1">=</span>
+  <span class="pl-en">h</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">pose_lemma</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">tcc</span> <span class="pl-c1">(</span><span class="pl-en">cur_env</span> <span class="pl-c1">())</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">pre</span><span class="pl-c1">,</span> <span class="pl-en">post</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_comp</span> <span class="pl-en">c</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Lemma</span> <span class="pl-en">pre</span> <span class="pl-en">post</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pre</span><span class="pl-c1">,</span> <span class="pl-en">post</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-pds">"</span></span>
+  <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">post</span> <span class="pl-c1">=</span> <span class="pl-c1">`((`#</span><span class="pl-en">post</span><span class="pl-c1">)</span> <span class="pl-c1">())</span> <span class="pl-k">in</span> <span class="pl-c"><span class="pl-c">(*</span> unthunk <span class="pl-c">*)</span></span>
+  <span class="pl-k">let</span> <span class="pl-en">post</span> <span class="pl-c1">=</span> <span class="pl-en">norm_term</span> <span class="pl-c1">[]</span> <span class="pl-en">post</span> <span class="pl-k">in</span></pre></div>
+<p>If the precondition is trivial, do not cut by it</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">match</span> <span class="pl-en">term_as_formula'</span> <span class="pl-en">pre</span> <span class="pl-k">with</span>
+<span class="pl-c1">|</span> <span class="pl-c1">True_</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-en">pose</span> <span class="pl-c1">(`(</span><span class="pl-en">__lemma_to_squash</span> <span class="pl-c1">#(`#</span><span class="pl-en">pre</span><span class="pl-c1">)</span> <span class="pl-c1">#(`#</span><span class="pl-en">post</span><span class="pl-c1">)</span> <span class="pl-c1">()</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(`#</span><span class="pl-en">t</span><span class="pl-c1">))))</span>
+<span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-k">let</span> <span class="pl-en">reqb</span> <span class="pl-c1">=</span> <span class="pl-en">tcut</span> <span class="pl-c1">(`</span><span class="pl-k">squash</span> <span class="pl-c1">(`#</span><span class="pl-en">pre</span><span class="pl-c1">))</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">pose</span> <span class="pl-c1">(`(</span><span class="pl-en">__lemma_to_squash</span> <span class="pl-c1">#(`#</span><span class="pl-en">pre</span><span class="pl-c1">)</span> <span class="pl-c1">#(`#</span><span class="pl-en">post</span><span class="pl-c1">)</span> <span class="pl-c1">(`#(</span><span class="pl-en">binder_to_term</span> <span class="pl-en">reqb</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(`#</span><span class="pl-en">t</span><span class="pl-c1">))))</span> <span class="pl-k">in</span>
+<span class="pl-en">flip</span> <span class="pl-c1">();</span>
+<span class="pl-en">ignore</span> <span class="pl-c1">(</span><span class="pl-en">trytac</span> <span class="pl-en">trivial</span><span class="pl-c1">);</span>
+<span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">explode</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">ignore</span> <span class="pl-c1">(</span>
+    <span class="pl-en">repeatseq</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">first</span> <span class="pl-c1">[(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">ignore</span> <span class="pl-c1">(</span><span class="pl-en">l_intro</span> <span class="pl-c1">()));</span>
+                                <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">ignore</span> <span class="pl-c1">(</span><span class="pl-en">split</span> <span class="pl-c1">()))]))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">visit</span> <span class="pl-c1">(</span><span class="pl-en">callback</span><span class="pl-c1">:unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-en">or_else</span> <span class="pl-en">callback</span>
+                   <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+                    <span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+                    <span class="pl-k">match</span> <span class="pl-en">term_as_formula</span> <span class="pl-en">g</span> <span class="pl-k">with</span>
+                    <span class="pl-c1">|</span> <span class="pl-c1">Forall</span> <span class="pl-en">b</span> <span class="pl-en">phi</span> <span class="pl-c1">-&gt;</span>
+                        <span class="pl-k">let</span> <span class="pl-en">binders</span> <span class="pl-c1">=</span> <span class="pl-en">forall_intros</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+                        <span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">visit</span> <span class="pl-en">callback</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l_revert_all</span> <span class="pl-en">binders</span><span class="pl-c1">)</span>
+                    <span class="pl-c1">|</span> <span class="pl-c1">And</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+                        <span class="pl-en">seq</span> <span class="pl-en">split</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">visit</span> <span class="pl-en">callback</span><span class="pl-c1">)</span>
+                    <span class="pl-c1">|</span> <span class="pl-c1">Implies</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+                        <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">implies_intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+                        <span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">visit</span> <span class="pl-en">callback</span><span class="pl-c1">)</span> <span class="pl-en">l_revert</span>
+                    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+                        <span class="pl-c1">()</span>
+                   <span class="pl-c1">)</span>
+          <span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">simplify_eq_implication</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">e</span> <span class="pl-c1">=</span> <span class="pl-en">cur_env</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">destruct_equality_implication</span> <span class="pl-en">g</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">r</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>Not an equality implication<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-en">rhs</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">eq_h</span> <span class="pl-c1">=</span> <span class="pl-en">implies_intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span> <span class="pl-c">// G, eq_h:x=e |- P</span>
+        <span class="pl-en">rewrite</span> <span class="pl-en">eq_h</span><span class="pl-c1">;</span> <span class="pl-c">// G, eq_h:x=e |- P[e/x]</span>
+        <span class="pl-en">clear_top</span> <span class="pl-c1">();</span> <span class="pl-c">// G |- P[e/x]</span>
+        <span class="pl-en">visit</span> <span class="pl-en">simplify_eq_implication</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">rewrite_all_equalities</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">visit</span> <span class="pl-en">simplify_eq_implication</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">unfold_definition_and_simplify_eq</span> <span class="pl-c1">(</span><span class="pl-en">tm</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">term_as_formula</span> <span class="pl-en">g</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">App</span> <span class="pl-en">hd</span> <span class="pl-en">arg</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">if</span> <span class="pl-en">term_eq</span> <span class="pl-en">hd</span> <span class="pl-en">tm</span>
+        <span class="pl-k">then</span> <span class="pl-en">trivial</span> <span class="pl-c1">()</span>
+        <span class="pl-k">else</span> <span class="pl-c1">()</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">begin</span>
+        <span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">destruct_equality_implication</span> <span class="pl-en">g</span> <span class="pl-k">in</span>
+        <span class="pl-k">match</span> <span class="pl-en">r</span> <span class="pl-k">with</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>Not an equality implication<span class="pl-pds">"</span></span>
+        <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-en">rhs</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-k">let</span> <span class="pl-en">eq_h</span> <span class="pl-c1">=</span> <span class="pl-en">implies_intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+            <span class="pl-en">rewrite</span> <span class="pl-en">eq_h</span><span class="pl-c1">;</span>
+            <span class="pl-en">clear_top</span> <span class="pl-c1">();</span>
+            <span class="pl-en">visit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">unfold_definition_and_simplify_eq</span> <span class="pl-en">tm</span><span class="pl-c1">)</span>
+        <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">vbind</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-en">q</span>
+<span class="pl-k">let</span> <span class="pl-en">vbind</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-en">sq</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.Classical.</span><span class="pl-en">give_witness_from_squash</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Squash.</span><span class="pl-en">bind_squash</span> <span class="pl-en">sq</span> <span class="pl-en">f</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">unsquash</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">v</span> <span class="pl-c1">=</span> <span class="pl-c1">`</span><span class="pl-en">vbind</span> <span class="pl-k">in</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(</span><span class="pl-en">mk_e_app</span> <span class="pl-en">v</span> <span class="pl-c1">[</span><span class="pl-en">t</span><span class="pl-c1">]);</span>
+    <span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">pack_ln</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Var</span> <span class="pl-c1">(</span><span class="pl-en">bv_of_binder</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">or_ind</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">phi</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span>
+                     <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                     <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">phi</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+                     <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">q</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">phi</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+                     <span class="pl-c1">Lemma</span> <span class="pl-en">phi</span>
+<span class="pl-k">let</span> <span class="pl-en">or_ind</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">#</span><span class="pl-en">phi</span> <span class="pl-en">o</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">cases_or</span> <span class="pl-c1">(</span><span class="pl-en">o</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(</span><span class="pl-en">mk_e_app</span> <span class="pl-c1">(`</span><span class="pl-en">or_ind</span><span class="pl-c1">)</span> <span class="pl-c1">[</span><span class="pl-en">o</span><span class="pl-c1">])</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">bool_ind</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">phi</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span>  <span class="pl-c1">==&gt;</span> <span class="pl-en">phi</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+                                                 <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-c1">false</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">phi</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+                                                 <span class="pl-c1">Lemma</span> <span class="pl-en">phi</span>
+<span class="pl-k">let</span> <span class="pl-en">bool_ind</span> <span class="pl-en">b</span> <span class="pl-en">phi</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">cases_bool</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">bi</span> <span class="pl-c1">=</span> <span class="pl-c1">`</span><span class="pl-en">bool_ind</span> <span class="pl-k">in</span>
+    <span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(</span><span class="pl-en">mk_e_app</span> <span class="pl-en">bi</span> <span class="pl-c1">[</span><span class="pl-en">b</span><span class="pl-c1">]))</span>
+        <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">trytac</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">let</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">implies_intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span> <span class="pl-en">rewrite</span> <span class="pl-en">b</span><span class="pl-c1">;</span> <span class="pl-en">clear_top</span> <span class="pl-c1">())</span> <span class="pl-k">in</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">or_intro_1</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">or_intro_1</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">or_intro_2</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">q</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">or_intro_2</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">left</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">or_intro_1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">right</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">or_intro_2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">__and_elim</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">phi</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span>
+                              <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                              <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">phi</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                              <span class="pl-c1">Lemma</span> <span class="pl-en">phi</span>
+<span class="pl-k">let</span> <span class="pl-en">__and_elim</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">#</span><span class="pl-en">phi</span> <span class="pl-en">p_and_q</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">__and_elim'</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">q</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">phi</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span>
+                              <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                              <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">phi</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                              <span class="pl-c1">Lemma</span> <span class="pl-en">phi</span>
+<span class="pl-k">let</span> <span class="pl-en">__and_elim'</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">#</span><span class="pl-en">phi</span> <span class="pl-en">p_and_q</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">and_elim</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">begin</span>
+     <span class="pl-k">try</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`(</span><span class="pl-en">__and_elim</span> <span class="pl-c1">(`#</span><span class="pl-en">t</span><span class="pl-c1">)))</span>
+     <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`(</span><span class="pl-en">__and_elim'</span> <span class="pl-c1">(`#</span><span class="pl-en">t</span><span class="pl-c1">)))</span>
+    <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">destruct_and</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">binder</span> * <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-en">and_elim</span> <span class="pl-en">t</span><span class="pl-c1">;</span>
+    <span class="pl-c1">(</span><span class="pl-en">implies_intro</span> <span class="pl-c1">(),</span> <span class="pl-en">implies_intro</span> <span class="pl-c1">())</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">__witness</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">__witness</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">x</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">witness</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply_raw</span> <span class="pl-c1">(`</span><span class="pl-en">__witness</span><span class="pl-c1">);</span>
+    <span class="pl-en">exact</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">__elim_exists'</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-c1">(#</span><span class="pl-en">pred</span> <span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">#</span><span class="pl-en">goal</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">pred</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+                          <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pred</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-en">goal</span><span class="pl-c1">))</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-en">goal</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">FStar.Squash.</span><span class="pl-en">bind_squash</span> <span class="pl-c1">#(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">&amp;</span> <span class="pl-en">pred</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(|</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">pf</span><span class="pl-c1">|)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">k</span> <span class="pl-en">x</span> <span class="pl-en">pf</span><span class="pl-c1">)</span></pre></div>
+<p>returns witness and proof as binders</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">elim_exists</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">binder</span> <span class="pl-c1">&amp;</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`(</span><span class="pl-en">__elim_exists'</span> <span class="pl-c1">(`#(</span><span class="pl-en">t</span><span class="pl-c1">))));</span>
+  <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">pf</span> <span class="pl-c1">=</span> <span class="pl-en">intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">pf</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">__forall_inst</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-c1">(#</span><span class="pl-en">pred</span> <span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">pred</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">pred</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">()</span></pre></div>
+<p>GM: annoying that this doesn't just work by SMT</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">__forall_inst_sq</span> <span class="pl-c1">#</span><span class="pl-en">t</span> <span class="pl-c1">(#</span><span class="pl-en">pred</span> <span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(</span><span class="pl-en">h</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">pred</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">pred</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-smi">FStar.Squash.</span><span class="pl-en">bind_squash</span> <span class="pl-en">h</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">pred</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">__forall_inst</span> <span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">instantiate</span> <span class="pl-c1">(</span><span class="pl-en">fa</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+    <span class="pl-k">try</span> <span class="pl-en">pose</span> <span class="pl-c1">(`</span><span class="pl-en">__forall_inst_sq</span> <span class="pl-c1">(`#</span><span class="pl-en">fa</span><span class="pl-c1">)</span> <span class="pl-c1">(`#</span><span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">try</span> <span class="pl-en">pose</span> <span class="pl-c1">(`</span><span class="pl-en">__forall_inst</span> <span class="pl-c1">(`#</span><span class="pl-en">fa</span><span class="pl-c1">)</span> <span class="pl-c1">(`#</span><span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>could not instantiate<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">sklem0</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">($</span><span class="pl-en">v</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">phi</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">:</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-en">x</span><span class="pl-c1">.</span> <span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">phi</span><span class="pl-c1">))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">phi</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">sk_binder'</span> <span class="pl-c1">(</span><span class="pl-en">acc</span><span class="pl-c1">:</span><span class="pl-en">binders</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">binders</span> * <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">focus</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">try</span>
+      <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`(</span><span class="pl-en">sklem0</span> <span class="pl-c1">(`#(</span><span class="pl-en">binder_to_term</span> <span class="pl-en">b</span><span class="pl-c1">))));</span>
+      <span class="pl-k">if</span> <span class="pl-en">ngoals</span> <span class="pl-c1">()</span> &lt;&gt; <span class="pl-c1">1</span> <span class="pl-k">then</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>no<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+      <span class="pl-en">clear</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+      <span class="pl-k">let</span> <span class="pl-en">bx</span> <span class="pl-c1">=</span> <span class="pl-en">forall_intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">b'</span> <span class="pl-c1">=</span> <span class="pl-en">implies_intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+      <span class="pl-en">sk_binder'</span> <span class="pl-c1">(</span><span class="pl-en">bx</span><span class="pl-c1">::</span><span class="pl-en">acc</span><span class="pl-c1">)</span> <span class="pl-en">b'</span> <span class="pl-c"><span class="pl-c">(*</span> We might have introduced a new existential, so possibly recurse <span class="pl-c">*)</span></span>
+    <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">acc</span><span class="pl-c1">,</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c"><span class="pl-c">(*</span> If the above failed, just return <span class="pl-c">*)</span></span>
+  <span class="pl-c1">)</span></pre></div>
+<p>Skolemizes a given binder for an existential, returning the introduced new binders</p>
+<ul>
+<li>and the skolemized formula.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">sk_binder</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">sk_binder'</span> <span class="pl-c1">[]</span> <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">skolem</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">bs</span> <span class="pl-c1">=</span> <span class="pl-en">binders_of_env</span> <span class="pl-c1">(</span><span class="pl-en">cur_env</span> <span class="pl-c1">())</span> <span class="pl-k">in</span>
+  <span class="pl-en">map</span> <span class="pl-en">sk_binder</span> <span class="pl-en">bs</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">lemma_from_squash</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:(</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">lemma_from_squash</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-k">in</span> <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">easy_fill</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">repeat</span> <span class="pl-en">intro</span> <span class="pl-k">in</span></pre></div>
+<p>If the goal is <code>a -&gt; Lemma b</code>, intro will fail, try to use this switch</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">trytac</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply</span> <span class="pl-c1">(`</span><span class="pl-en">lemma_from_squash</span><span class="pl-c1">);</span> <span class="pl-en">intro</span> <span class="pl-c1">())</span> <span class="pl-k">in</span>
+<span class="pl-en">smt</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">easy</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#[</span><span class="pl-en">easy_fill</span> <span class="pl-c1">()]</span> <span class="pl-c1">_</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span>
+<span class="pl-k">let</span> <span class="pl-en">easy</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">x</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.PatternMatching.html b/docs/FStar.Tactics.PatternMatching.html
index 4dd2f92..7f6ff31 100644
--- a/docs/FStar.Tactics.PatternMatching.html
+++ b/docs/FStar.Tactics.PatternMatching.html
@@ -1,112 +1,843 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.PatternMatching</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.patternmatching">module FStar.Tactics.PatternMatching</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((mustfail #a (t:Unidentified product: [<span class="dt">unit</span>] (Tac a)) (message:<span class="dt">string</span>)):(Tac <span class="dt">unit</span>)):<span class="kw">match</span> trytac t <span class="kw">with</span> (Some _)  -&gt; fail message | None  -&gt; ()</code></pre></div>
+<blockquote>
+<h1>
+<a id="user-content-pattern-matching-tactics" class="anchor" href="#pattern-matching-tactics" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>==========================
+Pattern-matching tactics</h1>
+<p>:Author: Clément Pit-Claudel
+:Contact: <a href="mailto:clement.pitclaudel@live.com">clement.pitclaudel@live.com</a>
+:Date: 2017-10-13</p>
+</blockquote>
+<h1>
+<a id="user-content-fstartacticspatternmatching" class="anchor" href="#fstartacticspatternmatching" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.PatternMatching</h1>
+<ul>
+<li>Opens module <a href="FStar.Tactics.html">FStar.Tactics</a>
+</li>
+</ul>
+<blockquote>
+<h1>
+<a id="user-content-contents" class="anchor" href="#contents" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Contents</h1>
+<p>1  Contents
+2  Motivation
+3  Some utility functions
+4  Pattern types
+5  Pattern matching exceptions
+5.1  Types of exceptions
+5.2  The exception monad
+5.3  Liftings
+6  Pattern interpretation
+7  Pattern-matching problems
+7.1  Definitions
+7.2  Resolution
+8  A DSL for pattern-matching
+8.1  Pattern notations
+8.2  Problem notations
+8.3  Continuations
+9  Putting it all together
+10  Examples
+10.1  Simple examples
+10.2  A real-life example
+11  Possible extensions
+12  Notes</p>
+<h1>
+<a id="user-content-motivation" class="anchor" href="#motivation" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Motivation</h1>
+<p>Suppose you have a goal of the form <code>squash (a == b)</code>.  How do you capture
+<code>a</code> and <code>b</code> for further inspection?</p>
+<p>Here's a basic (but cumbersome!) implementation:</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fetch_eq_side</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">term</span> * <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">g</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">g</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-k">squash</span> <span class="pl-k">with</span>
+     <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-k">squash</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-k">if</span> <span class="pl-en">fv_to_string</span> <span class="pl-k">squash</span> <span class="pl-c1">=</span> <span class="pl-en">flatten_name</span> <span class="pl-en">squash_qn</span> <span class="pl-k">then</span>
+         <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">g</span> <span class="pl-k">with</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">eq_type_x</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">eq_type_x</span> <span class="pl-k">with</span>
+             <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">eq_type</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+               <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">eq_type</span> <span class="pl-k">with</span>
+                <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">typ</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                  <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">eq</span> <span class="pl-k">with</span>
+                   <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">eq</span> <span class="pl-c1">-&gt;</span>
+                     <span class="pl-k">if</span> <span class="pl-en">fv_to_string</span> <span class="pl-en">eq</span> <span class="pl-c1">=</span> <span class="pl-en">flatten_name</span> <span class="pl-en">eq2_qn</span> <span class="pl-k">then</span>
+                       <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+                     <span class="pl-k">else</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>not an equality<span class="pl-pds">"</span></span>
+                   <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>not an app2 of fvar: <span class="pl-pds">"</span></span><span class="pl-c1">)</span>
+                <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>not an app3<span class="pl-pds">"</span></span><span class="pl-c1">)</span>
+             <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>not an app2<span class="pl-pds">"</span></span><span class="pl-c1">)</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>not an app under squash<span class="pl-pds">"</span></span><span class="pl-c1">)</span>
+       <span class="pl-k">else</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>not a squash<span class="pl-pds">"</span></span>
+     <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>not an app of fvar at top level<span class="pl-pds">"</span></span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>not an app at top level<span class="pl-pds">"</span></span></pre></div>
+<blockquote>
+<p>…and here's how you could use it:</p>
+</blockquote>
+<p>let _ =</p>
+<p>assert_by_tactic (1 + 1 == 2)</p>
+<p>(fun () -&gt; let l, r = fetch_eq_side () in</p>
+<p>print (term_to_string l ^ " / " ^ term_to_string r))</p>
+<blockquote>
+<p>This file defines pattern-matching primitives that let you write the same
+thing like this…</p>
+<p>.. code:: fstar</p>
+<p>let fetch_eq_side' #a () : Tac (term * term) =
+gpm (fun (left right: a) (g: pm_goal (squash (left == right))) -&gt;
+(quote left, quote right) &lt;: Tac (term * term))</p>
+<p>let _ =
+assert_by_tactic (1 + 1 == 2)
+(fun () -&gt; let l, r = fetch_eq_side' #int () in
+print (term_to_string l ^ " / " ^ term_to_string r))</p>
+<p>…or, more succinctly, like this:</p>
+<p>.. code:: fstar</p>
+<p>let _ =
+assert_by_tactic (1 + 1 == 2)
+(gpm (fun (left right: int) (g: pm_goal (squash (left == right))) -&gt;
+let l, r = quote left, quote right in
+print (term_to_string l ^ " / " ^ term_to_string r) &lt;: Tac unit))</p>
+</blockquote>
+<p>Many of the tactics are written in the <code>Tac</code> effect, which isn't
+well-supported in SMT.  FIXME: remove this once <code>Tac</code> is marked as a stable
+effect.
+GM: Tac is now stable, but some VCs are still tough on z3, so there are a few admit()s.</p>
+<blockquote>
+<h1>
+<a id="user-content-some-utility-functions" class="anchor" href="#some-utility-functions" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Some utility functions</h1>
+<p>(Skip over this part on a quick read — these are just convenience functions)</p>
+</blockquote>
+<h4>
+<a id="user-content-mustfail" class="anchor" href="#mustfail" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mustfail</h4>
 <p>Ensure that tactic <code>t</code> fails. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((exact_hyp (a:Type0) (h:binder)):(Tac <span class="dt">unit</span>)):<span class="kw">let</span>  hd = quote ((FStar<span class="kw">.</span>Squash<span class="kw">.</span>return_squash #a)) <span class="kw">in</span> exact (mk_app hd (Prims<span class="kw">.</span>Cons ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 (pack ((Tv_Var (bv_of_binder h)))) Q_Explicit)) (Prims<span class="kw">.</span>Nil )))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mustfail</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">message</span><span class="pl-c1">:</span> <span class="pl-c1">string)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">trytac</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-en">message</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span></pre></div>
+<blockquote>
+<p>The following two tactics are needed because of issues with the <code>Tac</code>
+effect.</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">implies_intro'</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">implies_intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">repeat'</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">repeat</span> <span class="pl-en">f</span> <span class="pl-k">in</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">and_elim'</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-en">and_elim</span> <span class="pl-c1">(</span><span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Var</span> <span class="pl-c1">(</span><span class="pl-en">bv_of_binder</span> <span class="pl-en">h</span><span class="pl-c1">)));</span>
+  <span class="pl-en">clear</span> <span class="pl-en">h</span></pre></div>
+<h4>
+<a id="user-content-exact_hyp" class="anchor" href="#exact_hyp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>exact_hyp</h4>
 <p>Use a hypothesis at type a to satisfy a goal at type squash a</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((exact_hyp&#39; (h:binder)):(Tac <span class="dt">unit</span>)):exact (pack ((Tv_Var (bv_of_binder h))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">exact_hyp</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">hd</span> <span class="pl-c1">=</span> <span class="pl-en">quote</span> <span class="pl-c1">(</span><span class="pl-smi">FStar.Squash.</span><span class="pl-en">return_squash</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-en">exact</span> <span class="pl-c1">(</span><span class="pl-en">mk_app</span> <span class="pl-en">hd</span> <span class="pl-c1">[((</span><span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Var</span> <span class="pl-c1">(</span><span class="pl-en">bv_of_binder</span> <span class="pl-en">h</span><span class="pl-c1">))),</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)])</span></pre></div>
+<h4>
+<a id="user-content-exact_hyp-1" class="anchor" href="#exact_hyp-1" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>exact_hyp'</h4>
 <p>Use a hypothesis h (of type a) to satisfy a goal at type a</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((interp_pattern_aux (pat:pattern) (cur_bindings:bindings) (tm:term)):(Tac (match_res bindings))):admit (); <span class="kw">let</span>  (interp_any () cur_bindings tm) = <span class="kw">return</span> (Prims<span class="kw">.</span>Nil ) <span class="kw">in</span> <span class="kw">let</span>  (interp_var (v:varname) cur_bindings tm) = <span class="kw">match</span> List<span class="kw">.</span>Tot<span class="kw">.</span>assoc v cur_bindings <span class="kw">with</span> (Some tm&#39;)  -&gt; <span class="kw">if</span> term_eq tm tm&#39; <span class="kw">then</span> <span class="kw">return</span> cur_bindings <span class="kw">else</span> raise ((NonLinearMismatch ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple3 v tm tm&#39;)))) | None  -&gt; <span class="kw">return</span> ((Prims<span class="kw">.</span>Cons ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 v tm)) cur_bindings)) <span class="kw">in</span> <span class="kw">let</span>  (interp_qn (qn:qn) cur_bindings tm) = <span class="kw">match</span> inspect tm <span class="kw">with</span> (Tv_FVar fv)  -&gt; <span class="kw">if</span> =(fv_to_string fv, qn) <span class="kw">then</span> <span class="kw">return</span> cur_bindings <span class="kw">else</span> raise ((NameMismatch ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 qn (fv_to_string fv))))) | _  -&gt; raise ((SimpleMismatch ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 pat tm)))) <span class="kw">in</span> <span class="kw">let</span>  (interp_type cur_bindings tm) = <span class="kw">match</span> inspect tm <span class="kw">with</span> (Tv_Type ())  -&gt; <span class="kw">return</span> cur_bindings | _  -&gt; raise ((SimpleMismatch ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 pat tm)))) <span class="kw">in</span> <span class="kw">let</span>  (interp_app (p_hd:(p:pattern:{<span class="st">&lt;&lt;(p, pat)})) (p_arg:(p:pattern:{&lt;&lt;(p, pat)})) cur_bindings tm) = match inspect tm with (Tv_App hd (arg, _))  -&gt; with_hd &lt;- interp_pattern_aux p_hd cur_bindings hd; with_arg &lt;- interp_pattern_aux p_arg with_hd arg; return with_arg | _  -&gt; raise ((SimpleMismatch ((FStar.Pervasives.Native.Mktuple2 pat tm)))) in match pat with PAny  -&gt; interp_any () cur_bindings tm | (PVar var)  -&gt; interp_var var cur_bindings tm | (PQn qn)  -&gt; interp_qn qn cur_bindings tm | PType  -&gt; interp_type cur_bindings tm | (PApp p_hd p_arg)  -&gt; interp_app p_hd p_arg cur_bindings tm | _  -&gt; fail &quot;?&quot;</span></code></pre></div>
-<p>Match a pattern against a term. <code>cur_bindings</code> is a list of bindings collected while matching previous parts of the pattern. Returns a result in the exception monad. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((interp_pattern (pat:pattern)):Unidentified product: [term] (Tac (match_res bindings))):(<span class="kw">fun</span> (tm:term) -&gt; rev_bindings &lt;- interp_pattern_aux pat (Prims<span class="kw">.</span>Nil ) tm; <span class="kw">return</span> (List<span class="kw">.</span>Tot<span class="kw">.</span>rev rev_bindings))</code></pre></div>
-<p>Match a pattern <code>pat</code> against a term. Returns a result in the exception monad. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((match_term pat (tm:term)):(Tac bindings)):<span class="kw">match</span> interp_pattern pat (norm_term (Prims<span class="kw">.</span>Nil ) tm) <span class="kw">with</span> (Success bb)  -&gt; bb | (Failure ex)  -&gt; Tactics<span class="kw">.</span>fail (string_of_match_exception ex)</code></pre></div>
-<p>Match a term <code>tm</code> against a pattern <code>pat</code>. Raises an exception if the match fails. This is mostly useful for debugging: use <code>mgw</code> to capture matches. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((assoc_varname_fail (#b:Type) (key:varname) (ls:list <span class="co">(*(varname, b)))):(Tac b)):match List.Tot.assoc key ls with None  -&gt; fail (^(&quot;Not found: &quot;, key)) | (Some x)  -&gt; x</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">exact_hyp'</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">binder</span><span class="pl-c1">):</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-en">exact</span> <span class="pl-c1">(</span><span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Var</span> <span class="pl-c1">(</span><span class="pl-en">bv_of_binder</span> <span class="pl-en">h</span><span class="pl-c1">)))</span></pre></div>
+<blockquote>
+<h1>
+<a id="user-content-pattern-types" class="anchor" href="#pattern-types" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Pattern types</h1>
+<p>Patterns are defined using a simple inductive type, mirroring the structure
+of <code>term_view</code>.</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">varname</span> <span class="pl-c1">=</span> <span class="pl-c1">string</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-c1">string</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">pattern</span> <span class="pl-c1">=</span>
+<span class="pl-c1">|</span> <span class="pl-c1">PAny</span><span class="pl-c1">:</span> <span class="pl-en">pattern</span>
+<span class="pl-c1">|</span> <span class="pl-c1">PVar</span><span class="pl-c1">:</span> <span class="pl-en">name</span><span class="pl-c1">:</span> <span class="pl-en">varname</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pattern</span>
+<span class="pl-c1">|</span> <span class="pl-c1">PQn</span><span class="pl-c1">:</span> <span class="pl-en">qn</span><span class="pl-c1">:</span> <span class="pl-en">qn</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pattern</span>
+<span class="pl-c1">|</span> <span class="pl-c1">PType</span><span class="pl-c1">:</span> <span class="pl-en">pattern</span>
+<span class="pl-c1">|</span> <span class="pl-c1">PApp</span><span class="pl-c1">:</span> <span class="pl-en">hd</span><span class="pl-c1">:</span> <span class="pl-en">pattern</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">arg</span><span class="pl-c1">:</span> <span class="pl-en">pattern</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pattern</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">desc_of_pattern</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+<span class="pl-c1">|</span> <span class="pl-c1">PAny</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>anything<span class="pl-pds">"</span></span>
+<span class="pl-c1">|</span> <span class="pl-c1">PVar</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>a variable<span class="pl-pds">"</span></span>
+<span class="pl-c1">|</span> <span class="pl-c1">PQn</span> <span class="pl-en">qn</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>a constant (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">qn</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+<span class="pl-c1">|</span> <span class="pl-c1">PType</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Type<span class="pl-pds">"</span></span>
+<span class="pl-c1">|</span> <span class="pl-c1">PApp</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>a function application<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">string_of_pattern</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+<span class="pl-c1">|</span> <span class="pl-c1">PAny</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>__<span class="pl-pds">"</span></span>
+<span class="pl-c1">|</span> <span class="pl-c1">PVar</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>?<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">x</span>
+<span class="pl-c1">|</span> <span class="pl-c1">PQn</span> <span class="pl-en">qn</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">qn</span>
+<span class="pl-c1">|</span> <span class="pl-c1">PType</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Type<span class="pl-pds">"</span></span>
+<span class="pl-c1">|</span> <span class="pl-c1">PApp</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">string_of_pattern</span> <span class="pl-en">l</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> <span class="pl-pds">"</span></span>
+                 <span class="pl-c1">^</span> <span class="pl-en">string_of_pattern</span> <span class="pl-en">r</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span></pre></div>
+<blockquote>
+<h1>
+<a id="user-content-pattern-matching-exceptions" class="anchor" href="#pattern-matching-exceptions" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Pattern matching exceptions</h1>
+<p>Pattern-matching is defined as a pure, monadic function (because of issues
+with combining DM4F effects, but also because it helps with debugging).
+This section defines the exception monad.</p>
+<h2>
+<a id="user-content-types-of-exceptions" class="anchor" href="#types-of-exceptions" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Types of exceptions</h2>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span> <span class="pl-k">type</span> <span class="pl-en">match_exception</span> <span class="pl-c1">=</span>
+<span class="pl-c1">|</span> <span class="pl-c1">NameMismatch</span> <span class="pl-en">of</span> <span class="pl-en">qn</span> * <span class="pl-en">qn</span>
+<span class="pl-c1">|</span> <span class="pl-c1">SimpleMismatch</span> <span class="pl-en">of</span> <span class="pl-en">pattern</span> * <span class="pl-en">term</span>
+<span class="pl-c1">|</span> <span class="pl-c1">NonLinearMismatch</span> <span class="pl-en">of</span> <span class="pl-en">varname</span> * <span class="pl-en">term</span> * <span class="pl-en">term</span>
+<span class="pl-c1">|</span> <span class="pl-c1">UnsupportedTermInPattern</span> <span class="pl-en">of</span> <span class="pl-en">term</span>
+<span class="pl-c1">|</span> <span class="pl-c1">IncorrectTypeInAbsPatBinder</span> <span class="pl-en">of</span> <span class="pl-en">typ</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">term_head</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Var</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Var<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_BVar</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_BVar<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_FVar<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_App<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-en">x</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Abs<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Arrow</span> <span class="pl-en">x</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Arrow<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Type</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Type<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Refine</span> <span class="pl-en">x</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Refine<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Const</span> <span class="pl-en">cst</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Const<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Uvar</span> <span class="pl-en">i</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Uvar<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Let</span> <span class="pl-en">r</span> <span class="pl-en">attrs</span> <span class="pl-en">b</span> <span class="pl-en">t1</span> <span class="pl-en">t2</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Let<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Match</span> <span class="pl-en">t</span> <span class="pl-c1">_</span> <span class="pl-en">branches</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Match<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_AscribedT</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_AscribedT<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_AscribedC</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_AscribedC<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Unknown</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Unknown<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">string_of_match_exception</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">NameMismatch</span> <span class="pl-c1">(</span><span class="pl-en">qn1</span><span class="pl-c1">,</span> <span class="pl-en">qn2</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-s"><span class="pl-pds">"</span>Match failure (name mismatch): expecting <span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+    <span class="pl-en">qn1</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>, found <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">qn2</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">SimpleMismatch</span> <span class="pl-c1">(</span><span class="pl-en">pat</span><span class="pl-c1">,</span> <span class="pl-en">tm</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-s"><span class="pl-pds">"</span>Match failure (sort mismatch): expecting <span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+    <span class="pl-en">desc_of_pattern</span> <span class="pl-en">pat</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>, got <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">tm</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">NonLinearMismatch</span> <span class="pl-c1">(</span><span class="pl-en">nm</span><span class="pl-c1">,</span> <span class="pl-en">t1</span><span class="pl-c1">,</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-s"><span class="pl-pds">"</span>Match failure (nonlinear mismatch): variable <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">nm</span> <span class="pl-c1">^</span>
+    <span class="pl-s"><span class="pl-pds">"</span> needs to match both <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">term_to_string</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-c1">^</span>
+    <span class="pl-s"><span class="pl-pds">"</span> and <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">term_to_string</span> <span class="pl-en">t2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">UnsupportedTermInPattern</span> <span class="pl-en">tm</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-s"><span class="pl-pds">"</span>Match failure (unsupported term in pattern): <span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+    <span class="pl-en">term_to_string</span> <span class="pl-en">tm</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> (<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_head</span> <span class="pl-en">tm</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">IncorrectTypeInAbsPatBinder</span> <span class="pl-en">typ</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-s"><span class="pl-pds">"</span>Incorrect type in pattern-matching binder: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+    <span class="pl-en">term_to_string</span> <span class="pl-en">typ</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> (use one of ``var``, ``hyp …``, or ``goal …``)<span class="pl-pds">"</span></span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-the-exception-monad" class="anchor" href="#the-exception-monad" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>The exception monad</h2>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span> <span class="pl-k">type</span> <span class="pl-en">match_res</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-en">of</span> <span class="pl-en">a</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Failure</span> <span class="pl-en">of</span> <span class="pl-en">match_exception</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">return</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">match_res</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">Success</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">bind</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span>
+         <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">match_res</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+         <span class="pl-c1">(</span><span class="pl-en">g</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">match_res</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">match_res</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-en">aa</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">g</span> <span class="pl-en">aa</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Failure</span> <span class="pl-en">ex</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Failure</span> <span class="pl-en">ex</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">raise</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">ex</span><span class="pl-c1">:</span> <span class="pl-en">match_exception</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">match_res</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">Failure</span> <span class="pl-en">ex</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-liftings" class="anchor" href="#liftings" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Liftings</h2>
+<p>There's a natural lifting from the exception monad into the tactic effect:</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lift_exn_tac</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">match_res</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">aa</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-en">aa</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-en">bb</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">bb</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Failure</span> <span class="pl-en">ex</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">Tactics.</span><span class="pl-en">fail</span> <span class="pl-c1">(</span><span class="pl-en">string_of_match_exception</span> <span class="pl-en">ex</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lift_exn_tactic</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">match_res</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">aa</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-en">aa</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-en">bb</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">bb</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Failure</span> <span class="pl-en">ex</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">Tactics.</span><span class="pl-en">fail</span> <span class="pl-c1">(</span><span class="pl-en">string_of_match_exception</span> <span class="pl-en">ex</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<h1>
+<a id="user-content-pattern-interpretation" class="anchor" href="#pattern-interpretation" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Pattern interpretation</h1>
+<p>This section implement pattern-matching.  This is strictly a one term, one
+pattern implementation — handling cases in which mutliple hypotheses match
+the same pattern is done later.</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">bindings</span> <span class="pl-c1">=</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">varname</span> * <span class="pl-en">term</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">string_of_bindings</span> <span class="pl-c1">(</span><span class="pl-en">bindings</span><span class="pl-c1">:</span> <span class="pl-en">bindings</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">String.</span><span class="pl-en">concat</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-cce">\n</span><span class="pl-pds">"</span></span>
+    <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">nm</span><span class="pl-c1">,</span> <span class="pl-en">tm</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>&gt;&gt; <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">nm</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">tm</span><span class="pl-c1">))</span>
+                  <span class="pl-en">bindings</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-interp_pattern_aux" class="anchor" href="#interp_pattern_aux" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>interp_pattern_aux</h4>
+<p>Match a pattern against a term.
+<code>cur_bindings</code> is a list of bindings collected while matching previous parts of
+the pattern.  Returns a result in the exception monad. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">interp_pattern_aux</span> <span class="pl-c1">(</span><span class="pl-en">pat</span><span class="pl-c1">:</span> <span class="pl-en">pattern</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">cur_bindings</span><span class="pl-c1">:</span> <span class="pl-en">bindings</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">tm</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">match_res</span> <span class="pl-en">bindings</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">admit</span><span class="pl-c1">();</span>
+  <span class="pl-k">let</span> <span class="pl-en">interp_any</span> <span class="pl-c1">()</span> <span class="pl-en">cur_bindings</span> <span class="pl-en">tm</span> <span class="pl-c1">=</span>
+    <span class="pl-en">return</span> <span class="pl-c1">[]</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">interp_var</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span> <span class="pl-en">varname</span><span class="pl-c1">)</span> <span class="pl-en">cur_bindings</span> <span class="pl-en">tm</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">assoc</span> <span class="pl-en">v</span> <span class="pl-en">cur_bindings</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">tm'</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">term_eq</span> <span class="pl-en">tm</span> <span class="pl-en">tm'</span> <span class="pl-k">then</span> <span class="pl-en">return</span> <span class="pl-en">cur_bindings</span>
+                 <span class="pl-k">else</span> <span class="pl-en">raise</span> <span class="pl-c1">(</span><span class="pl-c1">NonLinearMismatch</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">,</span> <span class="pl-en">tm</span><span class="pl-c1">,</span> <span class="pl-en">tm'</span><span class="pl-c1">))</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">return</span> <span class="pl-c1">((</span><span class="pl-en">v</span><span class="pl-c1">,</span> <span class="pl-en">tm</span><span class="pl-c1">)</span> <span class="pl-c1">::</span> <span class="pl-en">cur_bindings</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">interp_qn</span> <span class="pl-c1">(</span><span class="pl-en">qn</span><span class="pl-c1">:</span> <span class="pl-en">qn</span><span class="pl-c1">)</span> <span class="pl-en">cur_bindings</span> <span class="pl-en">tm</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">tm</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">if</span> <span class="pl-en">fv_to_string</span> <span class="pl-en">fv</span> <span class="pl-c1">=</span> <span class="pl-en">qn</span> <span class="pl-k">then</span> <span class="pl-en">return</span> <span class="pl-en">cur_bindings</span>
+      <span class="pl-k">else</span> <span class="pl-en">raise</span> <span class="pl-c1">(</span><span class="pl-c1">NameMismatch</span> <span class="pl-c1">(</span><span class="pl-en">qn</span><span class="pl-c1">,</span> <span class="pl-c1">(</span><span class="pl-en">fv_to_string</span> <span class="pl-en">fv</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">raise</span> <span class="pl-c1">(</span><span class="pl-c1">SimpleMismatch</span> <span class="pl-c1">(</span><span class="pl-en">pat</span><span class="pl-c1">,</span> <span class="pl-en">tm</span><span class="pl-c1">))</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">interp_type</span> <span class="pl-en">cur_bindings</span> <span class="pl-en">tm</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">tm</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Type</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">return</span> <span class="pl-en">cur_bindings</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">raise</span> <span class="pl-c1">(</span><span class="pl-c1">SimpleMismatch</span> <span class="pl-c1">(</span><span class="pl-en">pat</span><span class="pl-c1">,</span> <span class="pl-en">tm</span><span class="pl-c1">))</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">interp_app</span> <span class="pl-c1">(</span><span class="pl-en">p_hd</span> <span class="pl-en">p_arg</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">pattern</span><span class="pl-c1">{</span><span class="pl-en">p</span> &lt;&lt; <span class="pl-en">pat</span><span class="pl-c1">}))</span> <span class="pl-en">cur_bindings</span> <span class="pl-en">tm</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">tm</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">hd</span> <span class="pl-c1">(</span><span class="pl-en">arg</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">with_hd</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">interp_pattern_aux</span> <span class="pl-en">p_hd</span> <span class="pl-en">cur_bindings</span> <span class="pl-en">hd</span><span class="pl-c1">;</span>
+      <span class="pl-en">with_arg</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">interp_pattern_aux</span> <span class="pl-en">p_arg</span> <span class="pl-en">with_hd</span> <span class="pl-en">arg</span><span class="pl-c1">;</span>
+      <span class="pl-en">return</span> <span class="pl-en">with_arg</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">raise</span> <span class="pl-c1">(</span><span class="pl-c1">SimpleMismatch</span> <span class="pl-c1">(</span><span class="pl-en">pat</span><span class="pl-c1">,</span> <span class="pl-en">tm</span><span class="pl-c1">))</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">pat</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">PAny</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">interp_any</span> <span class="pl-c1">()</span> <span class="pl-en">cur_bindings</span> <span class="pl-en">tm</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">PVar</span> <span class="pl-en">var</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">interp_var</span> <span class="pl-en">var</span> <span class="pl-en">cur_bindings</span> <span class="pl-en">tm</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">PQn</span> <span class="pl-en">qn</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">interp_qn</span> <span class="pl-en">qn</span> <span class="pl-en">cur_bindings</span> <span class="pl-en">tm</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">PType</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">interp_type</span> <span class="pl-en">cur_bindings</span> <span class="pl-en">tm</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">PApp</span> <span class="pl-en">p_hd</span> <span class="pl-en">p_arg</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">interp_app</span> <span class="pl-en">p_hd</span> <span class="pl-en">p_arg</span> <span class="pl-en">cur_bindings</span> <span class="pl-en">tm</span></pre></div>
+<p>GM: Jul 11 2018, sadly this is needed, seems this monad layered
+on top of Tac causesq queries to be hard on Z3</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>?<span class="pl-pds">"</span></span></pre></div>
+<h4>
+<a id="user-content-interp_pattern" class="anchor" href="#interp_pattern" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>interp_pattern</h4>
+<p>Match a pattern <code>pat</code> against a term.
+Returns a result in the exception monad. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">interp_pattern</span> <span class="pl-c1">(</span><span class="pl-en">pat</span><span class="pl-c1">:</span> <span class="pl-en">pattern</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">match_res</span> <span class="pl-en">bindings</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">tm</span><span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">rev_bindings</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">interp_pattern_aux</span> <span class="pl-en">pat</span> <span class="pl-c1">[]</span> <span class="pl-en">tm</span><span class="pl-c1">;</span>
+    <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">rev</span> <span class="pl-en">rev_bindings</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-match_term" class="anchor" href="#match_term" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>match_term</h4>
+<p>Match a term <code>tm</code> against a pattern <code>pat</code>.
+Raises an exception if the match fails.  This is mostly useful for debugging:
+use <code>mgw</code> to capture matches. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">match_term</span> <span class="pl-en">pat</span> <span class="pl-c1">(</span><span class="pl-en">tm</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">bindings</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">interp_pattern</span> <span class="pl-en">pat</span> <span class="pl-c1">(</span><span class="pl-en">norm_term</span> <span class="pl-c1">[]</span> <span class="pl-en">tm</span><span class="pl-c1">)</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-en">bb</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">bb</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Failure</span> <span class="pl-en">ex</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">Tactics.</span><span class="pl-en">fail</span> <span class="pl-c1">(</span><span class="pl-en">string_of_match_exception</span> <span class="pl-en">ex</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<h1>
+<a id="user-content-pattern-matching-problems" class="anchor" href="#pattern-matching-problems" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Pattern-matching problems</h1>
+<p>Generalizing past single-term single-pattern problems, we obtain the
+following notions of pattern-matching problems and solutions:</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">debug</span> <span class="pl-en">msg</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span> <span class="pl-c">// print msg</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-definitions" class="anchor" href="#definitions" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Definitions</h2>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">absvar</span> <span class="pl-c1">=</span> <span class="pl-en">binder</span>
+<span class="pl-k">type</span> <span class="pl-en">hypothesis</span> <span class="pl-c1">=</span> <span class="pl-en">binder</span></pre></div>
+<blockquote>
+<p>A matching problem is composed of holes (<code>mp_vars</code>), hypothesis patterns
+(<code>mp_hyps</code>), and a goal pattern (<code>mp_goal</code>).</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span> <span class="pl-k">type</span> <span class="pl-en">matching_problem</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">{</span> <span class="pl-en">mp_vars</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">varname</span><span class="pl-c1">;</span>
+    <span class="pl-en">mp_hyps</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">varname</span> * <span class="pl-en">pattern</span><span class="pl-c1">);</span>
+    <span class="pl-en">mp_goal</span><span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-en">pattern</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">string_of_matching_problem</span> <span class="pl-en">mp</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">vars</span> <span class="pl-c1">=</span>
+    <span class="pl-smi">String.</span><span class="pl-en">concat</span> <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span> <span class="pl-en">mp</span><span class="pl-c1">.</span><span class="pl-en">mp_vars</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">hyps</span> <span class="pl-c1">=</span>
+    <span class="pl-smi">String.</span><span class="pl-en">concat</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-cce">\n</span>        <span class="pl-pds">"</span></span>
+      <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">nm</span><span class="pl-c1">,</span> <span class="pl-en">pat</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">nm</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">string_of_pattern</span> <span class="pl-en">pat</span><span class="pl-c1">))</span> <span class="pl-en">mp</span><span class="pl-c1">.</span><span class="pl-en">mp_hyps</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">goal</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">mp</span><span class="pl-c1">.</span><span class="pl-en">mp_goal</span> <span class="pl-k">with</span>
+             <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>_<span class="pl-pds">"</span></span>
+             <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">pat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">string_of_pattern</span> <span class="pl-en">pat</span> <span class="pl-k">in</span>
+  <span class="pl-s"><span class="pl-pds">"</span><span class="pl-cce">\n</span>{ vars: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">vars</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-cce">\n</span><span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+  <span class="pl-s"><span class="pl-pds">"</span>  hyps: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">hyps</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-cce">\n</span><span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+  <span class="pl-s"><span class="pl-pds">"</span>  goal: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">goal</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> }<span class="pl-pds">"</span></span></pre></div>
+<blockquote>
+<p>A solution is composed of terms captured to mach the holes, and binders
+captured to match hypothesis patterns.</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span> <span class="pl-k">type</span> <span class="pl-en">matching_solution</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">{</span> <span class="pl-en">ms_vars</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">varname</span> * <span class="pl-en">term</span><span class="pl-c1">);</span>
+    <span class="pl-en">ms_hyps</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">varname</span> * <span class="pl-en">hypothesis</span><span class="pl-c1">)</span> <span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">string_of_matching_solution</span> <span class="pl-en">ms</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">vars</span> <span class="pl-c1">=</span>
+    <span class="pl-smi">String.</span><span class="pl-en">concat</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-cce">\n</span>            <span class="pl-pds">"</span></span>
+      <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">varname</span><span class="pl-c1">,</span> <span class="pl-en">tm</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">varname</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">term_to_string</span> <span class="pl-en">tm</span><span class="pl-c1">))</span> <span class="pl-en">ms</span><span class="pl-c1">.</span><span class="pl-en">ms_vars</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">hyps</span> <span class="pl-c1">=</span>
+    <span class="pl-smi">String.</span><span class="pl-en">concat</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-cce">\n</span>        <span class="pl-pds">"</span></span>
+      <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">nm</span><span class="pl-c1">,</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">nm</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">binder_to_string</span> <span class="pl-en">binder</span><span class="pl-c1">))</span> <span class="pl-en">ms</span><span class="pl-c1">.</span><span class="pl-en">ms_hyps</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-s"><span class="pl-pds">"</span><span class="pl-cce">\n</span>{ vars: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">vars</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-cce">\n</span><span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+  <span class="pl-s"><span class="pl-pds">"</span>  hyps: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">hyps</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> }<span class="pl-pds">"</span></span></pre></div>
+<h4>
+<a id="user-content-assoc_varname_fail" class="anchor" href="#assoc_varname_fail" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>assoc_varname_fail</h4>
 <p>Find a varname in an association list; fail if it can't be found. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((solve_mp_for_single_hyp #a (name:varname) (pat:pattern) (hypotheses:list hypothesis) (body:Unidentified product: [matching_solution] (Tac a)) (part_sol:matching_solution)):(Tac a)):<span class="kw">match</span> hypotheses <span class="kw">with</span> []  -&gt; fail #a <span class="st">&quot;No matching hypothesis&quot;</span> | (Prims<span class="kw">.</span>Cons h hs)  -&gt; or_else ((<span class="kw">fun</span> () -&gt; <span class="kw">match</span> interp_pattern_aux pat part_sol.ms_vars (type_of_binder h) <span class="kw">with</span> (Failure ex)  -&gt; fail (^(<span class="st">&quot;Failed to match hyp: &quot;</span>, (string_of_match_exception ex))) | (Success bindings)  -&gt; <span class="kw">let</span>  ms_hyps = (Prims<span class="kw">.</span>Cons ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 name h)) part_sol.ms_hyps) <span class="kw">in</span> body ({part_sol <span class="kw">with</span> ms_vars=bindings ms_hyps=ms_hyps}))) ((<span class="kw">fun</span> () -&gt; solve_mp_for_single_hyp name pat hs body part_sol))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">assoc_varname_fail</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">key</span><span class="pl-c1">:</span> <span class="pl-en">varname</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ls</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">varname</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">assoc</span> <span class="pl-en">key</span> <span class="pl-en">ls</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>Not found: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">key</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ms_locate_hyp</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">solution</span><span class="pl-c1">:</span> <span class="pl-en">matching_solution</span><span class="pl-c1">)</span>
+                  <span class="pl-c1">(</span><span class="pl-en">name</span><span class="pl-c1">:</span> <span class="pl-en">varname</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">binder</span> <span class="pl-c1">=</span>
+  <span class="pl-en">assoc_varname_fail</span> <span class="pl-en">name</span> <span class="pl-en">solution</span><span class="pl-c1">.</span><span class="pl-en">ms_hyps</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ms_locate_var</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">solution</span><span class="pl-c1">:</span> <span class="pl-en">matching_solution</span><span class="pl-c1">)</span>
+                  <span class="pl-c1">(</span><span class="pl-en">name</span><span class="pl-c1">:</span> <span class="pl-en">varname</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-en">unquote</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">assoc_varname_fail</span> <span class="pl-en">name</span> <span class="pl-en">solution</span><span class="pl-c1">.</span><span class="pl-en">ms_vars</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ms_locate_unit</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-en">_solution</span> <span class="pl-en">_binder_name</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">()</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-resolution" class="anchor" href="#resolution" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Resolution</h2>
+<p>Solving a matching problem is a two-steps process: find an initial
+assignment for holes based on the goal pattern, then find a set of
+hypotheses matching hypothesis patterns.</p>
+<p>Note that the implementation takes a continuation of type
+<code>matching_solution -&gt; Tac a</code>.  This continuation is needed because we want
+users to be able to provide extra criteria on matching solutions (most
+commonly, this criterion is that a particular tactic should run
+successfuly).</p>
+<p>This makes it easy to implement a simple for of search through the context,
+where one can find a hypothesis matching a particular predicate by
+constructing a trivial matching problem and passing the predicate as the
+continuation.</p>
+</blockquote>
+<h4>
+<a id="user-content-solve_mp_for_single_hyp" class="anchor" href="#solve_mp_for_single_hyp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>solve_mp_for_single_hyp</h4>
 <p>Scan <code>hypotheses</code> for a match for <code>pat</code> that lets <code>body</code> succeed.</p>
-<p><code>name</code> is used to refer to the hypothesis matched in the final solution. <code>part_sol</code> includes bindings gathered while matching previous solutions. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((solve_mp_for_hyps #a (mp_hyps:list <span class="co">(*(varname, pattern))) (hypotheses:list hypothesis) (body:Unidentified product: [matching_solution] (Tac a)) (partial_solution:matching_solution)):(Tac a)):match mp_hyps with []  -&gt; body partial_solution | (Prims.Cons (name, pat) pats)  -&gt; solve_mp_for_single_hyp name pat hypotheses (solve_mp_for_hyps pats hypotheses body) partial_solution</span></code></pre></div>
-<p>Scan <code>hypotheses</code> for matches for <code>mp_hyps</code> that lets <code>body</code> succeed. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((solve_mp #a (problem:matching_problem) (hypotheses:binders) (goal:term) (body:Unidentified product: [matching_solution] (Tac a))):(Tac a)):<span class="kw">let</span>  goal_ps = <span class="kw">match</span> problem.mp_goal <span class="kw">with</span> None  -&gt; {ms_vars=(Prims<span class="kw">.</span>Nil ) ms_hyps=(Prims<span class="kw">.</span>Nil )} | (Some pat)  -&gt; <span class="kw">match</span> interp_pattern pat goal <span class="kw">with</span> (Failure ex)  -&gt; fail (^(<span class="st">&quot;Failed to match goal: &quot;</span>, (string_of_match_exception ex))) | (Success bindings)  -&gt; {ms_vars=bindings ms_hyps=(Prims<span class="kw">.</span>Nil )} <span class="kw">in</span> solve_mp_for_hyps #a problem.mp_hyps hypotheses body goal_ps</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">solve_mp_for_single_hyp</span> <span class="pl-c1">#</span><span class="pl-en">a</span>
+                                <span class="pl-c1">(</span><span class="pl-en">name</span><span class="pl-c1">:</span> <span class="pl-en">varname</span><span class="pl-c1">)</span>
+                                <span class="pl-c1">(</span><span class="pl-en">pat</span><span class="pl-c1">:</span> <span class="pl-en">pattern</span><span class="pl-c1">)</span>
+                                <span class="pl-c1">(</span><span class="pl-en">hypotheses</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">hypothesis</span><span class="pl-c1">)</span>
+                                <span class="pl-c1">(</span><span class="pl-en">body</span><span class="pl-c1">:</span> <span class="pl-en">matching_solution</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+                                <span class="pl-c1">(</span><span class="pl-en">part_sol</span><span class="pl-c1">:</span> <span class="pl-en">matching_solution</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">hypotheses</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">fail</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-s"><span class="pl-pds">"</span>No matching hypothesis<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-en">h</span> <span class="pl-c1">::</span> <span class="pl-en">hs</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">or_else</span> <span class="pl-c">// Must be in ``Tac`` here to run `body`</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-k">match</span> <span class="pl-en">interp_pattern_aux</span> <span class="pl-en">pat</span> <span class="pl-en">part_sol</span><span class="pl-c1">.</span><span class="pl-en">ms_vars</span> <span class="pl-c1">(</span><span class="pl-en">type_of_binder</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-k">with</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">Failure</span> <span class="pl-en">ex</span> <span class="pl-c1">-&gt;</span>
+           <span class="pl-en">fail</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>Failed to match hyp: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">string_of_match_exception</span> <span class="pl-en">ex</span><span class="pl-c1">))</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-en">bindings</span> <span class="pl-c1">-&gt;</span>
+           <span class="pl-k">let</span> <span class="pl-en">ms_hyps</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">name</span><span class="pl-c1">,</span> <span class="pl-en">h</span><span class="pl-c1">)</span> <span class="pl-c1">::</span> <span class="pl-en">part_sol</span><span class="pl-c1">.</span><span class="pl-en">ms_hyps</span> <span class="pl-k">in</span>
+           <span class="pl-en">body</span> <span class="pl-c1">({</span> <span class="pl-en">part_sol</span> <span class="pl-k">with</span> <span class="pl-en">ms_vars</span> <span class="pl-c1">=</span> <span class="pl-en">bindings</span><span class="pl-c1">;</span> <span class="pl-en">ms_hyps</span> <span class="pl-c1">=</span> <span class="pl-en">ms_hyps</span> <span class="pl-c1">}))</span>
+      <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-en">solve_mp_for_single_hyp</span> <span class="pl-en">name</span> <span class="pl-en">pat</span> <span class="pl-en">hs</span> <span class="pl-en">body</span> <span class="pl-en">part_sol</span><span class="pl-c1">)</span></pre></div>
+<p><code>name</code> is used to refer to the hypothesis matched in the final solution.
+<code>part_sol</code> includes bindings gathered while matching previous solutions. *</p>
+<h4>
+<a id="user-content-solve_mp_for_hyps" class="anchor" href="#solve_mp_for_hyps" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>solve_mp_for_hyps</h4>
+<p>Scan <code>hypotheses</code> for matches for <code>mp_hyps</code> that lets <code>body</code>
+succeed. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">solve_mp_for_hyps</span> <span class="pl-c1">#</span><span class="pl-en">a</span>
+                          <span class="pl-c1">(</span><span class="pl-en">mp_hyps</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">varname</span> * <span class="pl-en">pattern</span><span class="pl-c1">))</span>
+                          <span class="pl-c1">(</span><span class="pl-en">hypotheses</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">hypothesis</span><span class="pl-c1">)</span>
+                          <span class="pl-c1">(</span><span class="pl-en">body</span><span class="pl-c1">:</span> <span class="pl-en">matching_solution</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+                          <span class="pl-c1">(</span><span class="pl-en">partial_solution</span><span class="pl-c1">:</span> <span class="pl-en">matching_solution</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">mp_hyps</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">body</span> <span class="pl-en">partial_solution</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">name</span><span class="pl-c1">,</span> <span class="pl-en">pat</span><span class="pl-c1">)</span> <span class="pl-c1">::</span> <span class="pl-en">pats</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">solve_mp_for_single_hyp</span> <span class="pl-en">name</span> <span class="pl-en">pat</span> <span class="pl-en">hypotheses</span>
+      <span class="pl-c1">(</span><span class="pl-en">solve_mp_for_hyps</span> <span class="pl-en">pats</span> <span class="pl-en">hypotheses</span> <span class="pl-en">body</span><span class="pl-c1">)</span>
+      <span class="pl-en">partial_solution</span></pre></div>
+<h4>
+<a id="user-content-solve_mp" class="anchor" href="#solve_mp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>solve_mp</h4>
 <p>Solve a matching problem.</p>
-<p>The solution returned is constructed to ensure that the continuation <code>body</code> succeeds: this implements the usual backtracking-match semantics. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((pattern_of_term_ex tm):(Tac (match_res pattern))):<span class="kw">match</span> inspect tm <span class="kw">with</span> (Tv_Var bv)  -&gt; <span class="kw">return</span> ((PVar (name_of_bv bv))) | (Tv_FVar fv)  -&gt; <span class="kw">let</span>  qn = fv_to_string fv <span class="kw">in</span> <span class="kw">return</span> (<span class="kw">if</span> =(qn, any_qn) <span class="kw">then</span> PAny <span class="kw">else</span> (PQn qn)) | (Tv_Type ())  -&gt; <span class="kw">return</span> PType | (Tv_App f (x, _))  -&gt; <span class="kw">let</span>  is_any = <span class="kw">match</span> inspect f <span class="kw">with</span> (Tv_FVar fv)  -&gt; =(fv_to_string fv, any_qn) | _  -&gt; <span class="kw">false</span> <span class="kw">in</span> <span class="kw">if</span> is_any <span class="kw">then</span> <span class="kw">return</span> PAny <span class="kw">else</span> (fpat &lt;- pattern_of_term_ex f; xpat &lt;- pattern_of_term_ex x; <span class="kw">return</span> ((PApp fpat xpat))) | _  -&gt; raise ((UnsupportedTermInPattern tm))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">solve_mp</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">problem</span><span class="pl-c1">:</span> <span class="pl-en">matching_problem</span><span class="pl-c1">)</span>
+                <span class="pl-c1">(</span><span class="pl-en">hypotheses</span><span class="pl-c1">:</span> <span class="pl-en">binders</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">goal</span><span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span>
+                <span class="pl-c1">(</span><span class="pl-en">body</span><span class="pl-c1">:</span> <span class="pl-en">matching_solution</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">goal_ps</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">problem</span><span class="pl-c1">.</span><span class="pl-en">mp_goal</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">{</span> <span class="pl-en">ms_vars</span> <span class="pl-c1">=</span> <span class="pl-c1">[];</span> <span class="pl-en">ms_hyps</span> <span class="pl-c1">=</span> <span class="pl-c1">[]</span> <span class="pl-c1">}</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">pat</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">match</span> <span class="pl-en">interp_pattern</span> <span class="pl-en">pat</span> <span class="pl-en">goal</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Failure</span> <span class="pl-en">ex</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>Failed to match goal: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">string_of_match_exception</span> <span class="pl-en">ex</span><span class="pl-c1">))</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-en">bindings</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">{</span> <span class="pl-en">ms_vars</span> <span class="pl-c1">=</span> <span class="pl-en">bindings</span><span class="pl-c1">;</span> <span class="pl-en">ms_hyps</span> <span class="pl-c1">=</span> <span class="pl-c1">[]</span> <span class="pl-c1">}</span> <span class="pl-k">in</span>
+  <span class="pl-en">solve_mp_for_hyps</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">problem</span><span class="pl-c1">.</span><span class="pl-en">mp_hyps</span> <span class="pl-en">hypotheses</span> <span class="pl-en">body</span> <span class="pl-en">goal_ps</span></pre></div>
+<p>The solution returned is constructed to ensure that the continuation <code>body</code>
+succeeds: this implements the usual backtracking-match semantics. *</p>
+<blockquote>
+<h1>
+<a id="user-content-a-dsl-for-pattern-matching" class="anchor" href="#a-dsl-for-pattern-matching" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>A DSL for pattern-matching</h1>
+<p>Using pattern-matching problems as defined above is relatively cumbersome,
+so we now introduce a lightweight notation, in two steps: pattern notations,
+and matching-problem notations.</p>
+<h2>
+<a id="user-content-pattern-notations" class="anchor" href="#pattern-notations" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Pattern notations</h2>
+<p>The first part of our pattern-matching syntax is pattern notations: we
+provide a reflective function which constructs a pattern from a term:
+variables are holes, free variables are constants, and applications are
+application patterns.</p>
+</blockquote>
+<p>This is a hack to allow users to capture anything.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">val</span> <span class="pl-en">__</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">t</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span>
+<span class="pl-k">let</span> <span class="pl-en">any_qn</span> <span class="pl-c1">=</span> <span class="pl-c1">`</span>%<span class="pl-en">__</span></pre></div>
+<h4>
+<a id="user-content-pattern_of_term_ex" class="anchor" href="#pattern_of_term_ex" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pattern_of_term_ex</h4>
 <p>Compile a term <code>tm</code> into a pattern. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((beta_reduce (tm:term)):(Tac term)):norm_term (Prims<span class="kw">.</span>Nil ) tm</code></pre></div>
-<p>β-reduce a term <code>tm</code>. This is useful to remove needles function applications introduced by F<em>, like <code>(fun a b c -&gt; a) 1 2 3</code>. </em></p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((pattern_of_term tm):(Tac pattern)):<span class="kw">match</span> pattern_of_term_ex tm <span class="kw">with</span> (Success bb)  -&gt; bb | (Failure ex)  -&gt; Tactics<span class="kw">.</span>fail (string_of_match_exception ex)</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">pattern_of_term_ex</span> <span class="pl-en">tm</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">match_res</span> <span class="pl-en">pattern</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">tm</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Var</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-c1">PVar</span> <span class="pl-c1">(</span><span class="pl-en">name_of_bv</span> <span class="pl-en">bv</span><span class="pl-c1">))</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">fv_to_string</span> <span class="pl-en">fv</span> <span class="pl-k">in</span>
+    <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">any_qn</span> <span class="pl-k">then</span> <span class="pl-c1">PAny</span> <span class="pl-k">else</span> <span class="pl-c1">PQn</span> <span class="pl-en">qn</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Type</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">return</span> <span class="pl-c1">PType</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">is_any</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">f</span> <span class="pl-k">with</span>
+                 <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fv_to_string</span> <span class="pl-en">fv</span> <span class="pl-c1">=</span> <span class="pl-en">any_qn</span>
+                 <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span> <span class="pl-k">in</span>
+    <span class="pl-k">if</span> <span class="pl-en">is_any</span> <span class="pl-k">then</span>
+      <span class="pl-en">return</span> <span class="pl-c1">PAny</span>
+    <span class="pl-k">else</span>
+      <span class="pl-c1">(</span><span class="pl-en">fpat</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">pattern_of_term_ex</span> <span class="pl-en">f</span><span class="pl-c1">;</span>
+       <span class="pl-en">xpat</span> <span class="pl-c1">&lt;--</span> <span class="pl-en">pattern_of_term_ex</span> <span class="pl-en">x</span><span class="pl-c1">;</span>
+       <span class="pl-en">return</span> <span class="pl-c1">(</span><span class="pl-c1">PApp</span> <span class="pl-en">fpat</span> <span class="pl-en">xpat</span><span class="pl-c1">))</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">raise</span> <span class="pl-c1">(</span><span class="pl-c1">UnsupportedTermInPattern</span> <span class="pl-en">tm</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-beta_reduce" class="anchor" href="#beta_reduce" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>beta_reduce</h4>
+<p>β-reduce a term <code>tm</code>.
+This is useful to remove needles function applications introduced by F*, like
+<code>(fun a b c -&gt; a) 1 2 3</code>. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">beta_reduce</span> <span class="pl-c1">(</span><span class="pl-en">tm</span><span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+  <span class="pl-en">norm_term</span> <span class="pl-c1">[]</span> <span class="pl-en">tm</span></pre></div>
+<h4>
+<a id="user-content-pattern_of_term" class="anchor" href="#pattern_of_term" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pattern_of_term</h4>
 <p>Compile a term <code>tm</code> into a pattern. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((binders_and_body_of_abs tm):(Tac <span class="co">(*(binders, term)))):match inspect tm with (Tv_Abs binder tm)  -&gt; let  (binders, body) = binders_and_body_of_abs tm in (FStar.Pervasives.Native.Mktuple2 (Prims.Cons binder binders) body) | _  -&gt; (FStar.Pervasives.Native.Mktuple2 (Prims.Nil ) tm)</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">pattern_of_term</span> <span class="pl-en">tm</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">pattern</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">pattern_of_term_ex</span> <span class="pl-en">tm</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-en">bb</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">bb</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Failure</span> <span class="pl-en">ex</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">Tactics.</span><span class="pl-en">fail</span> <span class="pl-c1">(</span><span class="pl-en">string_of_match_exception</span> <span class="pl-en">ex</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-problem-notations" class="anchor" href="#problem-notations" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Problem notations</h2>
+<p>We then introduce a DSL for matching problems, best explained on the
+following example::</p>
+<p>(fun (a b c: ①) (h1 h2 h3: hyp ②) (g: pm_goal ③) → ④)</p>
+<p>This notation is intended to express a pattern-matching problems with three
+holes <code>a</code>, <code>b</code>, and <code>c</code> of type ①, matching hypotheses <code>h1</code>, <code>h2</code>,
+and <code>h3</code> against pattern ② and the goal against the pattern ③.  The body
+of the notation (④) is then run with appropriate terms bound to <code>a</code>,
+<code>b</code>, and <code>c</code>, appropriate binders bound to <code>h1</code>, <code>h2</code>, and <code>h3</code>,
+and <code>()</code> bound to <code>g</code>.</p>
+<p>We call these patterns <code>abspat</code>s (abstraction patterns), and we provide
+facilities to parse them into matching problems, and to run their bodies
+against a particular matching solution.</p>
+</blockquote>
+<p>We used to annotate variables with an explicit 'var' marker, but then that
+var annotation leaked into the types of other hypotheses due to type
+inference, requiring non-trivial normalization.</p>
+<p>let var (a: Type) = a</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">hyp</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-en">binder</span>
+<span class="pl-k">let</span> <span class="pl-en">pm_goal</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">=</span> <span class="pl-c1">unit</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">hyp_qn</span>  <span class="pl-c1">=</span> <span class="pl-c1">`</span>%<span class="pl-en">hyp</span>
+<span class="pl-k">let</span> <span class="pl-en">goal_qn</span> <span class="pl-c1">=</span> <span class="pl-c1">`</span>%<span class="pl-en">pm_goal</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span> <span class="pl-k">type</span> <span class="pl-en">abspat_binder_kind</span> <span class="pl-c1">=</span>
+<span class="pl-c1">|</span> <span class="pl-c1">ABKVar</span> <span class="pl-en">of</span> <span class="pl-en">typ</span>
+<span class="pl-c1">|</span> <span class="pl-c1">ABKHyp</span>
+<span class="pl-c1">|</span> <span class="pl-c1">ABKGoal</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">string_of_abspat_binder_kind</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">ABKVar</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>varname<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">ABKHyp</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>hyp<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">ABKGoal</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>goal<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span> <span class="pl-k">type</span> <span class="pl-en">abspat_argspec</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">{</span> <span class="pl-en">asa_name</span><span class="pl-c1">:</span> <span class="pl-en">absvar</span><span class="pl-c1">;</span>
+    <span class="pl-en">asa_kind</span><span class="pl-c1">:</span> <span class="pl-en">abspat_binder_kind</span> <span class="pl-c1">}</span></pre></div>
+<p>We must store this continuation, because recomputing it yields different
+names when the binders are re-opened.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">abspat_continuation</span> <span class="pl-c1">=</span>
+  <span class="pl-en">list</span> <span class="pl-en">abspat_argspec</span> * <span class="pl-en">term</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">classify_abspat_binder</span> <span class="pl-en">binder</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">abspat_binder_kind</span> * <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">varname</span> <span class="pl-c1">=</span> <span class="pl-s"><span class="pl-pds">"</span>v<span class="pl-pds">"</span></span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">hyp_pat</span> <span class="pl-c1">=</span> <span class="pl-c1">PApp</span> <span class="pl-c1">(</span><span class="pl-c1">PQn</span> <span class="pl-en">hyp_qn</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">PVar</span> <span class="pl-en">varname</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">goal_pat</span> <span class="pl-c1">=</span> <span class="pl-c1">PApp</span> <span class="pl-c1">(</span><span class="pl-c1">PQn</span> <span class="pl-en">goal_qn</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-c1">PVar</span> <span class="pl-en">varname</span><span class="pl-c1">)</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">typ</span> <span class="pl-c1">=</span> <span class="pl-en">type_of_binder</span> <span class="pl-en">binder</span> <span class="pl-k">in</span>
+<span class="pl-k">match</span> <span class="pl-en">interp_pattern</span> <span class="pl-en">hyp_pat</span> <span class="pl-en">typ</span> <span class="pl-k">with</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-c1">[(</span><span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-en">hyp_typ</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ABKHyp</span><span class="pl-c1">,</span> <span class="pl-en">hyp_typ</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>classifiy_abspat_binder: impossible (1)<span class="pl-pds">"</span></span>
+<span class="pl-c1">|</span> <span class="pl-c1">Failure</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-k">match</span> <span class="pl-en">interp_pattern</span> <span class="pl-en">goal_pat</span> <span class="pl-en">typ</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-c1">[(</span><span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-en">goal_typ</span><span class="pl-c1">)]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ABKGoal</span><span class="pl-c1">,</span> <span class="pl-en">goal_typ</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>classifiy_abspat_binder: impossible (2)<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Failure</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">ABKVar</span> <span class="pl-en">typ</span><span class="pl-c1">,</span> <span class="pl-en">typ</span></pre></div>
+<h4>
+<a id="user-content-binders_and_body_of_abs" class="anchor" href="#binders_and_body_of_abs" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>binders_and_body_of_abs</h4>
 <p>Split an abstraction <code>tm</code> into a list of binders and a body. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((matching_problem_of_abs (tm:term)):(Tac <span class="co">(*(matching_problem, abspat_continuation)))):let  (binders, body) = binders_and_body_of_abs (cleanup_abspat tm) in debug (^(&quot;Got binders: &quot;, (String.concat &quot;, &quot; (map ((fun b -&gt; (name_of_binder b : (Tac string)))) binders)))); let  classified_binders = map ((fun binder -&gt; let  bv_name = name_of_binder binder in debug (^(&quot;Got binder: &quot;, ^(bv_name, ^(&quot;; type is &quot;, term_to_string (type_of_binder binder))))); let  (binder_kind, typ) = classify_abspat_binder binder in ((FStar.Pervasives.Native.Mktuple4 binder bv_name binder_kind typ)))) binders in let  problem = fold_left ((fun problem (binder, bv_name, binder_kind, typ) -&gt; debug (^(&quot;Compiling binder &quot;, ^(name_of_binder binder, ^(&quot;, classified as &quot;, ^(string_of_abspat_binder_kind binder_kind, ^(&quot;, with type &quot;, term_to_string typ)))))); match binder_kind with (ABKVar _)  -&gt; {problem with mp_vars=(Prims.Cons bv_name problem.mp_vars)} | ABKHyp  -&gt; {problem with mp_hyps=(Prims.Cons ((FStar.Pervasives.Native.Mktuple2 bv_name (pattern_of_term typ))) problem.mp_hyps)} | ABKGoal  -&gt; {problem with mp_goal=(Some (pattern_of_term typ))})) ({mp_vars=(Prims.Nil ) mp_hyps=(Prims.Nil ) mp_goal=None}) classified_binders in let  continuation = let  ((abspat_argspec_of_binder xx):(Tac abspat_argspec)) = match xx with (binder, xx, binder_kind, yy)  -&gt; {asa_name=binder asa_kind=binder_kind} in ((FStar.Pervasives.Native.Mktuple2 map abspat_argspec_of_binder classified_binders tm)) in let  mp = {mp_vars=List.rev #varname problem.mp_vars mp_hyps=List.rev #(*(varname, pattern)) problem.mp_hyps mp_goal=problem.mp_goal} in debug (^(&quot;Got matching problem: &quot;, (string_of_matching_problem mp))); (FStar.Pervasives.Native.Mktuple2 mp continuation)</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">binders_and_body_of_abs</span> <span class="pl-en">tm</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">binders</span> * <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">tm</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-en">binder</span> <span class="pl-en">tm</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">binders</span><span class="pl-c1">,</span> <span class="pl-en">body</span> <span class="pl-c1">=</span> <span class="pl-en">binders_and_body_of_abs</span> <span class="pl-en">tm</span> <span class="pl-k">in</span>
+    <span class="pl-en">binder</span> <span class="pl-c1">::</span> <span class="pl-en">binders</span><span class="pl-c1">,</span> <span class="pl-en">body</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[],</span> <span class="pl-en">tm</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">cleanup_abspat</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+  <span class="pl-en">norm_term</span> <span class="pl-c1">[]</span> <span class="pl-en">t</span></pre></div>
+<h4>
+<a id="user-content-matching_problem_of_abs" class="anchor" href="#matching_problem_of_abs" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>matching_problem_of_abs</h4>
 <p>Parse a notation into a matching problem and a continuation.</p>
-<p>Pattern-matching notations are of the form <code>(fun binders… -&gt; continuation)</code>, where <code>binders</code> are of one of the forms <code>var …</code>, <code>hyp …</code>, or <code>goal …</code>. <code>var</code> binders are typed holes to be used in other binders; <code>hyp</code> binders indicate a pattern to be matched against hypotheses; and <code>goal</code> binders match the goal.</p>
-<p>A reduction phase is run to ensure that the pattern looks reasonable; it is needed because F* tends to infer arguments in β-expanded form.</p>
-<p>The continuation returned can't directly be applied to a pattern-matching solution; see <code>interp_abspat_continuation</code> below for that. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((arg_type_of_binder_kind binder_kind):(Tac term)):<span class="kw">match</span> binder_kind <span class="kw">with</span> (ABKVar typ)  -&gt; typ | ABKHyp  -&gt; (`(binder)) | ABKGoal  -&gt; (`(<span class="dt">unit</span>))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">matching_problem_of_abs</span> <span class="pl-c1">(</span><span class="pl-en">tm</span><span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">matching_problem</span> * <span class="pl-en">abspat_continuation</span><span class="pl-c1">)</span> <span class="pl-c1">=</span></pre></div>
+<p>Pattern-matching notations are of the form <code>(fun binders… -&gt; continuation)</code>,
+where <code>binders</code> are of one of the forms <code>var …</code>, <code>hyp …</code>, or <code>goal …</code>.
+<code>var</code> binders are typed holes to be used in other binders; <code>hyp</code> binders
+indicate a pattern to be matched against hypotheses; and <code>goal</code> binders match
+the goal.</p>
+<p>A reduction phase is run to ensure that the pattern looks reasonable; it is
+needed because F* tends to infer arguments in β-expanded form.</p>
+<p>The continuation returned can't directly be applied to a pattern-matching
+solution; see <code>[</code>interp_abspat_continuation<code>](#interp_abspat_continuation)</code> below for that. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">binders</span><span class="pl-c1">,</span> <span class="pl-en">body</span> <span class="pl-c1">=</span> <span class="pl-en">binders_and_body_of_abs</span> <span class="pl-c1">(</span><span class="pl-en">cleanup_abspat</span> <span class="pl-en">tm</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+<span class="pl-en">debug</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>Got binders: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-smi">String.</span><span class="pl-en">concat</span> <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span>
+       <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">name_of_binder</span> <span class="pl-en">b</span> <span class="pl-c1">&lt;:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">string)</span> <span class="pl-en">binders</span><span class="pl-c1">)));</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">classified_binders</span> <span class="pl-c1">=</span>
+  <span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">binder</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-en">bv_name</span> <span class="pl-c1">=</span> <span class="pl-en">name_of_binder</span> <span class="pl-en">binder</span> <span class="pl-k">in</span>
+      <span class="pl-en">debug</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>Got binder: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">bv_name</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>; type is <span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+             <span class="pl-en">term_to_string</span> <span class="pl-c1">(</span><span class="pl-en">type_of_binder</span> <span class="pl-en">binder</span><span class="pl-c1">));</span>
+      <span class="pl-k">let</span> <span class="pl-en">binder_kind</span><span class="pl-c1">,</span> <span class="pl-en">typ</span> <span class="pl-c1">=</span> <span class="pl-en">classify_abspat_binder</span> <span class="pl-en">binder</span> <span class="pl-k">in</span>
+      <span class="pl-c1">(</span><span class="pl-en">binder</span><span class="pl-c1">,</span> <span class="pl-en">bv_name</span><span class="pl-c1">,</span> <span class="pl-en">binder_kind</span><span class="pl-c1">,</span> <span class="pl-en">typ</span><span class="pl-c1">))</span>
+    <span class="pl-en">binders</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">problem</span> <span class="pl-c1">=</span>
+  <span class="pl-en">fold_left</span>
+    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">problem</span> <span class="pl-c1">(</span><span class="pl-en">binder</span><span class="pl-c1">,</span> <span class="pl-en">bv_name</span><span class="pl-c1">,</span> <span class="pl-en">binder_kind</span><span class="pl-c1">,</span> <span class="pl-en">typ</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-en">debug</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>Compiling binder <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">name_of_binder</span> <span class="pl-en">binder</span> <span class="pl-c1">^</span>
+              <span class="pl-s"><span class="pl-pds">"</span>, classified as <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">string_of_abspat_binder_kind</span> <span class="pl-en">binder_kind</span> <span class="pl-c1">^</span>
+              <span class="pl-s"><span class="pl-pds">"</span>, with type <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">typ</span><span class="pl-c1">);</span>
+       <span class="pl-k">match</span> <span class="pl-en">binder_kind</span> <span class="pl-k">with</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">ABKVar</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">{</span> <span class="pl-en">problem</span> <span class="pl-k">with</span> <span class="pl-en">mp_vars</span> <span class="pl-c1">=</span> <span class="pl-en">bv_name</span> <span class="pl-c1">::</span> <span class="pl-en">problem</span><span class="pl-c1">.</span><span class="pl-en">mp_vars</span> <span class="pl-c1">}</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">ABKHyp</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">{</span> <span class="pl-en">problem</span> <span class="pl-k">with</span> <span class="pl-en">mp_hyps</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">bv_name</span><span class="pl-c1">,</span> <span class="pl-c1">(</span><span class="pl-en">pattern_of_term</span> <span class="pl-en">typ</span><span class="pl-c1">))</span>
+                                           <span class="pl-c1">::</span> <span class="pl-en">problem</span><span class="pl-c1">.</span><span class="pl-en">mp_hyps</span> <span class="pl-c1">}</span>
+       <span class="pl-c1">|</span> <span class="pl-c1">ABKGoal</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">{</span> <span class="pl-en">problem</span> <span class="pl-k">with</span> <span class="pl-en">mp_goal</span> <span class="pl-c1">=</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">pattern_of_term</span> <span class="pl-en">typ</span><span class="pl-c1">)</span> <span class="pl-c1">})</span>
+    <span class="pl-c1">({</span> <span class="pl-en">mp_vars</span> <span class="pl-c1">=</span> <span class="pl-c1">[];</span> <span class="pl-en">mp_hyps</span> <span class="pl-c1">=</span> <span class="pl-c1">[];</span> <span class="pl-en">mp_goal</span> <span class="pl-c1">=</span> <span class="pl-c1">None</span> <span class="pl-c1">})</span>
+    <span class="pl-en">classified_binders</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">continuation</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">abspat_argspec_of_binder</span> <span class="pl-en">xx</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">abspat_argspec</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">xx</span> <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">binder</span><span class="pl-c1">,</span> <span class="pl-en">xx</span><span class="pl-c1">,</span> <span class="pl-en">binder_kind</span><span class="pl-c1">,</span> <span class="pl-en">yy</span><span class="pl-c1">)</span>  <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">{</span> <span class="pl-en">asa_name</span> <span class="pl-c1">=</span> <span class="pl-en">binder</span><span class="pl-c1">;</span> <span class="pl-en">asa_kind</span> <span class="pl-c1">=</span> <span class="pl-en">binder_kind</span> <span class="pl-c1">}</span> <span class="pl-k">in</span>
+  <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">abspat_argspec_of_binder</span> <span class="pl-en">classified_binders</span><span class="pl-c1">,</span> <span class="pl-en">tm</span><span class="pl-c1">)</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mp</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">{</span> <span class="pl-en">mp_vars</span> <span class="pl-c1">=</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">rev</span> <span class="pl-c1">#</span><span class="pl-en">varname</span> <span class="pl-en">problem</span><span class="pl-c1">.</span><span class="pl-en">mp_vars</span><span class="pl-c1">;</span>
+    <span class="pl-en">mp_hyps</span> <span class="pl-c1">=</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">rev</span> <span class="pl-c1">#(</span><span class="pl-en">varname</span> * <span class="pl-en">pattern</span><span class="pl-c1">)</span> <span class="pl-en">problem</span><span class="pl-c1">.</span><span class="pl-en">mp_hyps</span><span class="pl-c1">;</span>
+    <span class="pl-en">mp_goal</span> <span class="pl-c1">=</span> <span class="pl-en">problem</span><span class="pl-c1">.</span><span class="pl-en">mp_goal</span> <span class="pl-c1">}</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">debug</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>Got matching problem: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">string_of_matching_problem</span> <span class="pl-en">mp</span><span class="pl-c1">));</span>
+<span class="pl-en">mp</span><span class="pl-c1">,</span> <span class="pl-en">continuation</span></pre></div>
+<blockquote>
+<h2>
+<a id="user-content-continuations" class="anchor" href="#continuations" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Continuations</h2>
+<p>Parsing an abspat yields a matching problem and a continuation of type
+<code>abspat_continuation</code>, which is essentially just a list of binders and a
+term (the body of the abstraction pattern).</p>
+</blockquote>
+<h4>
+<a id="user-content-arg_type_of_binder_kind" class="anchor" href="#arg_type_of_binder_kind" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>arg_type_of_binder_kind</h4>
 <p>Get the (quoted) type expected by a specific kind of abspat binder. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> (locate_fn_of_binder_kind binder_kind):<span class="kw">match</span> binder_kind <span class="kw">with</span> (ABKVar _)  -&gt; (`(ms_locate_var)) | ABKHyp  -&gt; (`(ms_locate_hyp)) | ABKGoal  -&gt; (`(ms_locate_unit))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">arg_type_of_binder_kind</span> <span class="pl-en">binder_kind</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">binder_kind</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">ABKVar</span> <span class="pl-en">typ</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">typ</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">ABKHyp</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">`</span><span class="pl-en">binder</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">ABKGoal</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">`unit</span></pre></div>
+<h4>
+<a id="user-content-locate_fn_of_binder_kind" class="anchor" href="#locate_fn_of_binder_kind" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>locate_fn_of_binder_kind</h4>
 <p>Retrieve the function used to locate a value for a given abspat binder. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((abspat_arg_of_abspat_argspec solution_term (argspec:abspat_argspec)):(Tac term)):<span class="kw">let</span>  loc_fn = locate_fn_of_binder_kind argspec.asa_kind <span class="kw">in</span> <span class="kw">let</span>  name_tm = pack ((Tv_Const ((C_String (name_of_binder argspec.asa_name))))) <span class="kw">in</span> <span class="kw">let</span>  locate_args = (Prims<span class="kw">.</span>Cons ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 arg_type_of_binder_kind argspec.asa_kind Q_Explicit)) (Prims<span class="kw">.</span>Cons ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 solution_term Q_Explicit)) (Prims<span class="kw">.</span>Cons ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 name_tm Q_Explicit)) (Prims<span class="kw">.</span>Nil )))) <span class="kw">in</span> mk_app loc_fn locate_args</code></pre></div>
-<p>Construct a term fetching the value of an abspat argument from a quoted matching solution <code>solution_term</code>. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((specialize_abspat_continuation&#39; (continuation:abspat_continuation) (solution_term:term)):(Tac term)):<span class="kw">let</span>  (mk_arg argspec) = ((FStar<span class="kw">.</span>Pervasives<span class="kw">.</span>Native<span class="kw">.</span>Mktuple2 abspat_arg_of_abspat_argspec solution_term argspec Q_Explicit)) <span class="kw">in</span> <span class="kw">let</span>  (argspecs, body) = continuation <span class="kw">in</span> mk_app body (map mk_arg argspecs)</code></pre></div>
-<p>Specialize a continuation of type <code>abspat_continuation</code>. This constructs a fully applied version of <code>continuation</code>, but it requires a quoted solution to be passed in. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((specialize_abspat_continuation (continuation:abspat_continuation)):(Tac term)):<span class="kw">let</span>  solution_binder = fresh_binder ((`(matching_solution))) <span class="kw">in</span> <span class="kw">let</span>  solution_term = pack ((Tv_Var (bv_of_binder solution_binder))) <span class="kw">in</span> <span class="kw">let</span>  applied = specialize_abspat_continuation&#39; continuation solution_term <span class="kw">in</span> <span class="kw">let</span>  thunked = pack ((Tv_Abs solution_binder applied)) <span class="kw">in</span> debug (^(<span class="st">&quot;Specialized into &quot;</span>, (term_to_string thunked))); <span class="kw">let</span>  normalized = beta_reduce thunked <span class="kw">in</span> debug (^(<span class="st">&quot;… which reduces to &quot;</span>, (term_to_string normalized))); thunked</code></pre></div>
-<p>Specialize a continuation of type <code>abspat_continuation</code>. This yields a quoted function taking a matching solution and running its body with appropriate bindings. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((interp_abspat_continuation (a:Type0) (continuation:abspat_continuation)):(Tac (Unidentified product: [matching_solution] (Tac a)))):<span class="kw">let</span>  applied = specialize_abspat_continuation continuation <span class="kw">in</span> unquote #(Unidentified product: [matching_solution] (Tac a)) applied</code></pre></div>
-<p>Interpret a continuation of type <code>abspat_continuation</code>. This yields a function taking a matching solution and running the body of the continuation with appropriate bindings. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((interp_abspat #a (abspat:a)):(Tac <span class="co">(*(matching_problem, abspat_continuation)))):matching_problem_of_abs (quote (abspat))</span></code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">locate_fn_of_binder_kind</span> <span class="pl-en">binder_kind</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">binder_kind</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">ABKVar</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">`</span><span class="pl-en">ms_locate_var</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">ABKHyp</span>   <span class="pl-c1">-&gt;</span> <span class="pl-c1">`</span><span class="pl-en">ms_locate_hyp</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">ABKGoal</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">`</span><span class="pl-en">ms_locate_unit</span></pre></div>
+<h4>
+<a id="user-content-abspat_arg_of_abspat_argspec" class="anchor" href="#abspat_arg_of_abspat_argspec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>abspat_arg_of_abspat_argspec</h4>
+<p>Construct a term fetching the value of an abspat argument from a quoted
+matching solution <code>solution_term</code>. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">abspat_arg_of_abspat_argspec</span> <span class="pl-en">solution_term</span> <span class="pl-c1">(</span><span class="pl-en">argspec</span><span class="pl-c1">:</span> <span class="pl-en">abspat_argspec</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">loc_fn</span> <span class="pl-c1">=</span> <span class="pl-en">locate_fn_of_binder_kind</span> <span class="pl-en">argspec</span><span class="pl-c1">.</span><span class="pl-en">asa_kind</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">name_tm</span> <span class="pl-c1">=</span> <span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Const</span> <span class="pl-c1">(</span><span class="pl-c1">C_String</span> <span class="pl-c1">(</span><span class="pl-en">name_of_binder</span> <span class="pl-en">argspec</span><span class="pl-c1">.</span><span class="pl-en">asa_name</span><span class="pl-c1">)))</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">locate_args</span> <span class="pl-c1">=</span> <span class="pl-c1">[(</span><span class="pl-en">arg_type_of_binder_kind</span> <span class="pl-en">argspec</span><span class="pl-c1">.</span><span class="pl-en">asa_kind</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">);</span>
+                     <span class="pl-c1">(</span><span class="pl-en">solution_term</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">);</span> <span class="pl-c1">(</span><span class="pl-en">name_tm</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)]</span> <span class="pl-k">in</span>
+  <span class="pl-en">mk_app</span> <span class="pl-en">loc_fn</span> <span class="pl-en">locate_args</span></pre></div>
+<h4>
+<a id="user-content-specialize_abspat_continuation" class="anchor" href="#specialize_abspat_continuation" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>specialize_abspat_continuation'</h4>
+<p>Specialize a continuation of type <code>abspat_continuation</code>.
+This constructs a fully applied version of <code>continuation</code>, but it requires a
+quoted solution to be passed in. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">specialize_abspat_continuation'</span> <span class="pl-c1">(</span><span class="pl-en">continuation</span><span class="pl-c1">:</span> <span class="pl-en">abspat_continuation</span><span class="pl-c1">)</span>
+                                    <span class="pl-c1">(</span><span class="pl-en">solution_term</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">mk_arg</span> <span class="pl-en">argspec</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">(</span><span class="pl-en">abspat_arg_of_abspat_argspec</span> <span class="pl-en">solution_term</span> <span class="pl-en">argspec</span><span class="pl-c1">,</span> <span class="pl-c1">Q_Explicit</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">argspecs</span><span class="pl-c1">,</span> <span class="pl-en">body</span> <span class="pl-c1">=</span> <span class="pl-en">continuation</span> <span class="pl-k">in</span>
+  <span class="pl-en">mk_app</span> <span class="pl-en">body</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-en">mk_arg</span> <span class="pl-en">argspecs</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-specialize_abspat_continuation-1" class="anchor" href="#specialize_abspat_continuation-1" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>specialize_abspat_continuation</h4>
+<p>Specialize a continuation of type <code>abspat_continuation</code>.  This yields a
+quoted function taking a matching solution and running its body with appropriate
+bindings. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">specialize_abspat_continuation</span> <span class="pl-c1">(</span><span class="pl-en">continuation</span><span class="pl-c1">:</span> <span class="pl-en">abspat_continuation</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">solution_binder</span> <span class="pl-c1">=</span> <span class="pl-en">fresh_binder</span> <span class="pl-c1">(`</span><span class="pl-en">matching_solution</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">solution_term</span> <span class="pl-c1">=</span> <span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Var</span> <span class="pl-c1">(</span><span class="pl-en">bv_of_binder</span> <span class="pl-en">solution_binder</span><span class="pl-c1">))</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">applied</span> <span class="pl-c1">=</span> <span class="pl-en">specialize_abspat_continuation'</span> <span class="pl-en">continuation</span> <span class="pl-en">solution_term</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">thunked</span> <span class="pl-c1">=</span> <span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Abs</span> <span class="pl-en">solution_binder</span> <span class="pl-en">applied</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+  <span class="pl-en">debug</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>Specialized into <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">term_to_string</span> <span class="pl-en">thunked</span><span class="pl-c1">));</span>
+  <span class="pl-k">let</span> <span class="pl-en">normalized</span> <span class="pl-c1">=</span> <span class="pl-en">beta_reduce</span> <span class="pl-en">thunked</span> <span class="pl-k">in</span>
+  <span class="pl-en">debug</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>… which reduces to <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">term_to_string</span> <span class="pl-en">normalized</span><span class="pl-c1">));</span>
+  <span class="pl-en">thunked</span></pre></div>
+<h4>
+<a id="user-content-interp_abspat_continuation" class="anchor" href="#interp_abspat_continuation" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>interp_abspat_continuation</h4>
+<p>Interpret a continuation of type <code>abspat_continuation</code>.
+This yields a function taking a matching solution and running the body of the
+continuation with appropriate bindings. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">interp_abspat_continuation</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(</span><span class="pl-en">continuation</span><span class="pl-c1">:</span> <span class="pl-en">abspat_continuation</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">matching_solution</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">applied</span> <span class="pl-c1">=</span> <span class="pl-en">specialize_abspat_continuation</span> <span class="pl-en">continuation</span> <span class="pl-k">in</span>
+  <span class="pl-en">unquote</span> <span class="pl-c1">#(</span><span class="pl-en">matching_solution</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">applied</span></pre></div>
+<blockquote>
+<h1>
+<a id="user-content-putting-it-all-together" class="anchor" href="#putting-it-all-together" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Putting it all together</h1>
+<p>We now have all we need to use pattern-matching, short of a few convenience functions:</p>
+</blockquote>
+<h4>
+<a id="user-content-interp_abspat" class="anchor" href="#interp_abspat" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>interp_abspat</h4>
 <p>Construct a matching problem from an abspat. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((match_abspat #b #a (abspat:a) (k:Unidentified product: [abspat_continuation] (Tac (Unidentified product: [matching_solution] (Tac b))))):(Tac b)):<span class="kw">let</span>  goal = cur_goal () <span class="kw">in</span> <span class="kw">let</span>  hypotheses = binders_of_env (cur_env ()) <span class="kw">in</span> <span class="kw">let</span>  (problem, continuation) = interp_abspat abspat <span class="kw">in</span> admit (); solve_mp #matching_solution problem hypotheses goal (k continuation)</code></pre></div>
-<p>Construct an solve a matching problem. This higher-order function isn't very usable on its own — it's mostly a convenience function to avoid duplicating the problem-parsing code. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((inspect_abspat_problem #a (abspat:a)):(Tac matching_problem)):fst (interp_abspat #a abspat)</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">interp_abspat</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">abspat</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">matching_problem</span> * <span class="pl-en">abspat_continuation</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">matching_problem_of_abs</span> <span class="pl-c1">(</span><span class="pl-en">quote</span> <span class="pl-en">abspat</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-match_abspat" class="anchor" href="#match_abspat" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>match_abspat</h4>
+<p>Construct an solve a matching problem.
+This higher-order function isn't very usable on its own — it's mostly a
+convenience function to avoid duplicating the problem-parsing code. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">match_abspat</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">abspat</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+                 <span class="pl-c1">(</span><span class="pl-en">k</span><span class="pl-c1">:</span> <span class="pl-en">abspat_continuation</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">matching_solution</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-en">b</span><span class="pl-c1">))</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">goal</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">hypotheses</span> <span class="pl-c1">=</span> <span class="pl-en">binders_of_env</span> <span class="pl-c1">(</span><span class="pl-en">cur_env</span> <span class="pl-c1">())</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">problem</span><span class="pl-c1">,</span> <span class="pl-en">continuation</span> <span class="pl-c1">=</span> <span class="pl-en">interp_abspat</span> <span class="pl-en">abspat</span> <span class="pl-k">in</span>
+  <span class="pl-k">admit</span><span class="pl-c1">();</span>  <span class="pl-c">//NS: imprecision in the encoding of the impure result function type</span>
+  <span class="pl-en">solve_mp</span> <span class="pl-c1">#</span><span class="pl-en">matching_solution</span> <span class="pl-en">problem</span> <span class="pl-en">hypotheses</span> <span class="pl-en">goal</span> <span class="pl-c1">(</span><span class="pl-en">k</span> <span class="pl-en">continuation</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-inspect_abspat_problem" class="anchor" href="#inspect_abspat_problem" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>inspect_abspat_problem</h4>
 <p>Inspect the matching problem produced by parsing an abspat. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((inspect_abspat_solution #a (abspat:a)):(Tac matching_solution)):match_abspat abspat ((<span class="kw">fun</span> _ -&gt; (((<span class="kw">fun</span> solution -&gt; solution)) : (Tac _))))</code></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">inspect_abspat_problem</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">abspat</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">matching_problem</span> <span class="pl-c1">=</span>
+  <span class="pl-en">fst</span> <span class="pl-c1">(</span><span class="pl-en">interp_abspat</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">abspat</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-inspect_abspat_solution" class="anchor" href="#inspect_abspat_solution" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>inspect_abspat_solution</h4>
 <p>Inspect the matching solution produced by parsing and solving an abspat. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((gpm #b #a (abspat:a) ()):(Tac b)):<span class="kw">let</span>  (continuation, solution) = match_abspat abspat tpair <span class="kw">in</span> interp_abspat_continuation b continuation solution</code></pre></div>
-<p>Solve a greedy pattern-matching problem and run its continuation. This if for pattern-matching problems in the <code>Tac</code> effect. *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">let</span> ((pm #b #a (abspat:a)):(Tac b)):match_abspat abspat (interp_abspat_continuation b)</code></pre></div>
-<p>Solve a greedy pattern-matching problem and run its continuation. This if for pattern-matching problems in the <code>Tac</code> effect. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">inspect_abspat_solution</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">abspat</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">matching_solution</span> <span class="pl-c1">=</span>
+  <span class="pl-en">match_abspat</span> <span class="pl-en">abspat</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">solution</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">solution</span> <span class="pl-c1">&lt;:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">_</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">tpair</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">=</span>
+  <span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Our first convenient entry point!</p>
+<p>This takes an abspat, parses it, computes a solution, and runs the body of
+the abspat with appropriate bindings.  It implements what others call ‘lazy’
+pattern-matching, so called because the success of the body of the pattern
+isn't taken into account when deciding whether a particular set of matched
+hypothesis should be retained.  In other words, it picks the first matching
+set of hypotheses, and commits to it.</p>
+<p>If you think that sounds like a greedy algorithm, it does.  That's why it's
+called ‘gpm’ below: greedy pattern-matching.</p>
+</blockquote>
+<h4>
+<a id="user-content-gpm" class="anchor" href="#gpm" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gpm</h4>
+<p>Solve a greedy pattern-matching problem and run its continuation.
+This if for pattern-matching problems in the <code>Tac</code> effect. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gpm</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">abspat</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">continuation</span><span class="pl-c1">,</span> <span class="pl-en">solution</span> <span class="pl-c1">=</span> <span class="pl-en">match_abspat</span> <span class="pl-en">abspat</span> <span class="pl-en">tpair</span> <span class="pl-k">in</span>
+  <span class="pl-en">interp_abspat_continuation</span> <span class="pl-en">b</span> <span class="pl-en">continuation</span> <span class="pl-en">solution</span></pre></div>
+<blockquote>
+<p>And here's the non-greedy version of the same.  It's informative to compare
+the implementations!  This one will only find assignments that let the body
+run successfuly.</p>
+</blockquote>
+<h4>
+<a id="user-content-pm" class="anchor" href="#pm" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>pm</h4>
+<p>Solve a greedy pattern-matching problem and run its continuation.
+This if for pattern-matching problems in the <code>Tac</code> effect. *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">pm</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">abspat</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-en">match_abspat</span> <span class="pl-en">abspat</span> <span class="pl-c1">(</span><span class="pl-en">interp_abspat_continuation</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<h1>
+<a id="user-content-examples" class="anchor" href="#examples" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Examples</h1>
+<p>We conclude with a small set of examples.</p>
+</blockquote>
+<blockquote>
+<h2>
+<a id="user-content-simple-examples" class="anchor" href="#simple-examples" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Simple examples</h2>
+<p>Here's the example from the intro, which we can now run!</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fetch_eq_side'</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">term</span> * <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">gpm</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">left</span> <span class="pl-en">right</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">g</span><span class="pl-c1">:</span> <span class="pl-en">pm_goal</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">left</span> <span class="pl-c1">==</span> <span class="pl-en">right</span><span class="pl-c1">)))</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-c1">(</span><span class="pl-en">quote</span> <span class="pl-en">left</span><span class="pl-c1">,</span> <span class="pl-en">quote</span> <span class="pl-en">right</span><span class="pl-c1">))</span> <span class="pl-c1">()</span></pre></div>
+<p>TODO: GM: The following definition breaks extraction with</p>
+<p>FStar.Tactics.Effect.fst(20,16-20,21): (Error 76) Ill-typed application: application is FStar.Tactics.PatternMatching.fetch_eq_side' (FStar.Tactics.Types.incr_depth (FStar.Tactics.Types.set_proofstate_range
+ps
+(FStar.Range.prims_to_fstar_range FStar.Tactics.PatternMatching.fst(811,26-811,45))))
+remaining args are FStar.Tactics.Types.incr_depth (FStar.Tactics.Types.set_proofstate_range ps
+(FStar.Range.prims_to_fstar_range FStar.Tactics.PatternMatching.fst(811,26-811,45)))
+ml type of head is (FStar_Reflection_Types.term * FStar_Reflection_Types.term)</p>
+<p>let _ =</p>
+<p>assert_by_tactic (1 + 1 == 2)</p>
+<p>(fun () -&gt; let l, r = fetch_eq_side' #int in</p>
+<p>print (term_to_string l ^ " / " ^ term_to_string r))</p>
+<p>let _ =</p>
+<p>assert_by_tactic (1 + 1 == 2)</p>
+<p>(gpm (fun (left right: int) (g: pm_goal (squash (left == right))) -&gt;</p>
+<p>let l, r = quote left, quote right in</p>
+<p>print (term_to_string l ^ " / " ^ term_to_string r) &lt;: Tac unit))</p>
+<blockquote>
+<p>Commenting out the following example and comparing <code>[</code>pm<code>](#pm)</code> and <code>[</code>gpm<code>](#gpm)</code> can be
+instructive:</p>
+</blockquote>
+<p>let test_bt (a: Type0) (b: Type0) (c: Type0) (d: Type0) =
+assert_by_tactic ((a ==&gt; d) ==&gt; (b ==&gt; d) ==&gt; (c ==&gt; d) ==&gt; a ==&gt; d)
+(fun () -&gt; repeat' implies_intro';
+gpm (fun (a b: Type0) (h: hyp (a ==&gt; b)) -&gt;
+print (binder_to_string h);
+fail "fail here" &lt;: Tac unit);
+qed ())</p>
+<blockquote>
+<h2>
+<a id="user-content-a-real-life-example" class="anchor" href="#a-real-life-example" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>A real-life example</h2>
+<p>The following tactics combines mutliple simple building blocks to solve a
+goal.  Each use of <code>lpm</code> recognizes a specific pattern; and each tactic is
+tried in succession, until one succeeds.  The whole process is repeated as
+long as at least one tactic succeeds.</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">example</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">(#</span><span class="pl-en">c</span><span class="pl-c1">:Type0)</span> <span class="pl-c1">:unit</span> <span class="pl-c1">=</span>
+  <span class="pl-en">assert_by_tactic</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">c</span> <span class="pl-c1">==</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">repeat'</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span>
+                 <span class="pl-en">gpm</span> <span class="pl-c1">#unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">hyp</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+                              <span class="pl-en">clear</span> <span class="pl-en">h</span> <span class="pl-c1">&lt;:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">`</span><span class="pl-en">or_else</span><span class="pl-c1">`</span>
+                 <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">gpm</span> <span class="pl-c1">#unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(</span><span class="pl-en">g</span><span class="pl-c1">:</span> <span class="pl-en">pm_goal</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)))</span> <span class="pl-c1">-&gt;</span>
+                              <span class="pl-en">implies_intro'</span> <span class="pl-c1">()</span> <span class="pl-c1">&lt;:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">`</span><span class="pl-en">or_else</span><span class="pl-c1">`</span>
+                 <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">gpm</span> <span class="pl-c1">#unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">hyp</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+                              <span class="pl-en">and_elim'</span> <span class="pl-en">h</span> <span class="pl-c1">&lt;:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">`</span><span class="pl-en">or_else</span><span class="pl-c1">`</span>
+                 <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">gpm</span> <span class="pl-c1">#unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">hyp</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">==</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">g</span><span class="pl-c1">:</span> <span class="pl-en">pm_goal</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+                              <span class="pl-en">rewrite</span> <span class="pl-en">h</span> <span class="pl-c1">&lt;:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">`</span><span class="pl-en">or_else</span><span class="pl-c1">`</span>
+                 <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">gpm</span> <span class="pl-c1">#unit</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type0)</span> <span class="pl-c1">(</span><span class="pl-en">h</span><span class="pl-c1">:</span> <span class="pl-en">hyp</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">g</span><span class="pl-c1">:</span> <span class="pl-en">pm_goal</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+                              <span class="pl-en">exact_hyp</span> <span class="pl-en">a</span> <span class="pl-en">h</span> <span class="pl-c1">&lt;:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">())))));</span>
+               <span class="pl-en">qed</span> <span class="pl-c1">())</span></pre></div>
+<blockquote>
+<h1>
+<a id="user-content-possible-extensions" class="anchor" href="#possible-extensions" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Possible extensions</h1>
+<p>The following tasks would make for interesting extensions of this
+experiment:</p>
+<ul>
+<li>Handling multiple goal patterns (easy)</li>
+<li>Extending the matching language (match under binders?)</li>
+<li>Introducing specialized syntax</li>
+<li>Thinking about a sound way of supporting ‘match-anything’ patterns in
+abspat notations</li>
+<li>Using the normalizer to partially-evaluated pattern-matching tactics</li>
+<li>Migrating to a compile-time version of <code>quote</code>
+</li>
+</ul>
+</blockquote>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.Print.html b/docs/FStar.Tactics.Print.html
new file mode 100644
index 0000000..31bfd06
--- /dev/null
+++ b/docs/FStar.Tactics.Print.html
@@ -0,0 +1,89 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title>FStar.Tactics.Print</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
+</head>
+<body>
+<h1>
+<a id="user-content-fstartacticsprint" class="anchor" href="#fstartacticsprint" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.Print</h1>
+<ul>
+<li>Opens module <a href="FStar.Reflection.html">FStar.Reflection</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Effect.html">FStar.Tactics.Effect</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Builtins.html">FStar.Tactics.Builtins</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">paren</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:string)</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span> <span class="pl-s"><span class="pl-pds">"</span>(<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">s</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>)<span class="pl-pds">"</span></span></pre></div>
+<p>TODO: making this a local definition in print_list fails to extract.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">print_list_aux</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">string)</span> <span class="pl-c1">(</span><span class="pl-en">xs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">xs</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-en">x</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>; <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">print_list_aux</span> <span class="pl-en">f</span> <span class="pl-en">xs</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">print_list</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">string)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+   <span class="pl-s"><span class="pl-pds">"</span>[<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">print_list_aux</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>]<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">term_to_ast_string</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Var</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Var <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">bv_to_string</span> <span class="pl-en">bv</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_BVar</span> <span class="pl-en">bv</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_BVar <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">bv_to_string</span> <span class="pl-en">bv</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_FVar <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">fv_to_string</span> <span class="pl-en">fv</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">hd</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">,</span> <span class="pl-c1">_</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_App <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">paren</span> <span class="pl-c1">(</span><span class="pl-en">term_to_ast_string</span> <span class="pl-en">hd</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_ast_string</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-en">x</span> <span class="pl-en">e</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Abs <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">paren</span> <span class="pl-c1">(</span><span class="pl-en">binder_to_string</span> <span class="pl-en">x</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_ast_string</span> <span class="pl-en">e</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Arrow</span> <span class="pl-en">x</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Arrow <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">paren</span> <span class="pl-c1">(</span><span class="pl-en">binder_to_string</span> <span class="pl-en">x</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">comp_to_ast_string</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Type</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Type<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Refine</span> <span class="pl-en">x</span> <span class="pl-en">e</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Refine <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">paren</span> <span class="pl-c1">(</span><span class="pl-en">bv_to_string</span> <span class="pl-en">x</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_ast_string</span> <span class="pl-en">e</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Const</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">const_to_ast_string</span> <span class="pl-en">c</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Uvar</span> <span class="pl-en">i</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_Uvar <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">string_of_int</span> <span class="pl-en">i</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Let</span> <span class="pl-en">recf</span> <span class="pl-c1">_</span> <span class="pl-en">x</span> <span class="pl-en">e1</span> <span class="pl-en">e2</span> <span class="pl-c1">-&gt;</span>
+           <span class="pl-s"><span class="pl-pds">"</span>Tv_Let <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">paren</span> <span class="pl-c1">(</span><span class="pl-en">string_of_bool</span> <span class="pl-en">recf</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+                              <span class="pl-en">bv_to_string</span> <span class="pl-en">x</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+                              <span class="pl-en">term_to_ast_string</span> <span class="pl-en">e1</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+                              <span class="pl-en">term_to_ast_string</span> <span class="pl-en">e2</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Match</span> <span class="pl-en">e</span> <span class="pl-en">ret_opt</span> <span class="pl-en">brs</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">let</span> <span class="pl-en">tacopt_to_string</span> <span class="pl-en">tacopt</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+      <span class="pl-k">match</span> <span class="pl-en">tacopt</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-pds">"</span></span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">tac</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span> by <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">term_to_ast_string</span> <span class="pl-en">tac</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-s"><span class="pl-pds">"</span>Tv_Match <span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+      <span class="pl-en">paren</span> <span class="pl-c1">(</span>
+        <span class="pl-en">term_to_ast_string</span> <span class="pl-en">e</span> <span class="pl-c1">^</span>
+        <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+        <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">ret_opt</span> <span class="pl-k">with</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>None<span class="pl-pds">"</span></span>
+         <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-c1">Inl</span> <span class="pl-en">t</span><span class="pl-c1">,</span> <span class="pl-en">tacopt</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">term_to_ast_string</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">tacopt_to_string</span> <span class="pl-en">tacopt</span><span class="pl-c1">)</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-c1">Inr</span> <span class="pl-en">c</span><span class="pl-c1">,</span> <span class="pl-en">tacopt</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">comp_to_ast_string</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">^</span> <span class="pl-c1">(</span><span class="pl-en">tacopt_to_string</span> <span class="pl-en">tacopt</span><span class="pl-c1">))</span> <span class="pl-c1">^</span>
+        <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span> <span class="pl-c1">^</span>
+        <span class="pl-en">branches_to_ast_string</span> <span class="pl-en">brs</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_AscribedT</span> <span class="pl-en">e</span> <span class="pl-en">t</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_AscribedT <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">paren</span> <span class="pl-c1">(</span><span class="pl-en">term_to_ast_string</span> <span class="pl-en">e</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_ast_string</span> <span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_AscribedC</span> <span class="pl-en">e</span> <span class="pl-en">c</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tv_AscribedC <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">paren</span> <span class="pl-c1">(</span><span class="pl-en">term_to_ast_string</span> <span class="pl-en">e</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">comp_to_ast_string</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Tv_Unknown</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>_<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">and</span> <span class="pl-en">branches_to_ast_string</span> <span class="pl-c1">(</span><span class="pl-en">brs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">branch</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+  <span class="pl-en">print_list</span> <span class="pl-en">branch_to_ast_string</span> <span class="pl-en">brs</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">and</span> <span class="pl-en">branch_to_ast_string</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">branch</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">p</span><span class="pl-c1">,</span> <span class="pl-en">e</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+  <span class="pl-en">paren</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>_pat, <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_ast_string</span> <span class="pl-en">e</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">and</span> <span class="pl-en">comp_to_ast_string</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">comp</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">inspect_comp</span> <span class="pl-en">c</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">C_Total</span> <span class="pl-en">t</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Tot <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_ast_string</span> <span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">C_GTotal</span> <span class="pl-en">t</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>GTot <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_ast_string</span> <span class="pl-en">t</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">C_Lemma</span> <span class="pl-en">pre</span> <span class="pl-en">post</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Lemma <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_ast_string</span> <span class="pl-en">pre</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span> <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_ast_string</span> <span class="pl-en">post</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">C_Eff</span> <span class="pl-c1">_</span> <span class="pl-en">eff</span> <span class="pl-en">res</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>Effect <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">paren</span> <span class="pl-c1">(</span><span class="pl-en">implode_qn</span> <span class="pl-en">eff</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>, <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_ast_string</span> <span class="pl-en">res</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">and</span> <span class="pl-en">const_to_ast_string</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">vconst</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">c</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">C_Unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>C_Unit<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">C_Int</span> <span class="pl-en">i</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>C_Int <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">string_of_int</span> <span class="pl-en">i</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">C_True</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>C_True<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">C_False</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>C_False<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">C_String</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>C_String <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">s</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">C_Range</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>C_Range _<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">C_Reify</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>C_Reify<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">C_Reflect</span> <span class="pl-en">name</span> <span class="pl-c1">-&gt;</span> <span class="pl-s"><span class="pl-pds">"</span>C_Reflect <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">implode_qn</span> <span class="pl-en">name</span></pre></div>
+
+</body>
+</html>
diff --git a/docs/FStar.Tactics.Result.html b/docs/FStar.Tactics.Result.html
index 64a614e..9053cdb 100644
--- a/docs/FStar.Tactics.Result.html
+++ b/docs/FStar.Tactics.Result.html
@@ -1,16 +1,31 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.Result</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.result">module FStar.Tactics.Result</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartacticsresult" class="anchor" href="#fstartacticsresult" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.Result</h1>
+<p>This file is never extracted. It's a copy of the one with the same name in
+the compiler.  It lives here so that one doesn't need to adjust their load
+path to use tactics from ulib.</p>
+<ul>
+<li>Opens module <a href="FStar.Tactics.Types.html">FStar.Tactics.Types</a>
+This refers to FStar.Tactics.Types.fsti in ulib, which just has an abstract
+definition of proofstate.</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span> <span class="pl-k">type</span> <span class="pl-en">__result</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Success</span> <span class="pl-c1">:</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">ps</span><span class="pl-c1">:</span><span class="pl-en">proofstate</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">__result</span> <span class="pl-en">a</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Failed</span>  <span class="pl-c1">:</span> <span class="pl-en">exn</span><span class="pl-c1">:</span><span class="pl-en">exn</span>         <span class="pl-c"><span class="pl-c">(*</span> Error <span class="pl-c">*)</span></span>
+              <span class="pl-c1">-&gt;</span> <span class="pl-en">ps</span><span class="pl-c1">:</span><span class="pl-en">proofstate</span>  <span class="pl-c"><span class="pl-c">(*</span> The proofstate at time of failure <span class="pl-c">*)</span></span>
+              <span class="pl-c1">-&gt;</span> <span class="pl-en">__result</span> <span class="pl-en">a</span></pre></div>
+<p>A bit of help for the SMT, unsure if still needed</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">result_split</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">__result</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-c1">Success</span><span class="pl-c1">?</span> <span class="pl-en">r</span> <span class="pl-c1">\/</span> <span class="pl-c1">Failed</span><span class="pl-c1">?</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-c1">Success</span><span class="pl-c1">?</span> <span class="pl-en">r</span><span class="pl-c1">);</span> <span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-c1">Failed</span><span class="pl-c1">?</span> <span class="pl-en">r</span><span class="pl-c1">)]</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.Simplifier.html b/docs/FStar.Tactics.Simplifier.html
index 655f50f..cc00322 100644
--- a/docs/FStar.Tactics.Simplifier.html
+++ b/docs/FStar.Tactics.Simplifier.html
@@ -1,16 +1,240 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.Simplifier</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.simplifier">module FStar.Tactics.Simplifier</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartacticssimplifier" class="anchor" href="#fstartacticssimplifier" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.Simplifier</h1>
+<ul>
+<li>Opens module <a href="FStar.Tactics.html">FStar.Tactics</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Formula.html">FStar.Reflection.Formula</a>
+</li>
+<li>Opens module <a href="FStar.Reflection.Const.html">FStar.Reflection.Const</a>
+</li>
+</ul>
+<p>A correct-by-construction logical simplifier
+*</p>
+<ul>
+<li>No calling <code>norm </code>simpl``, that's cheating!</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_iff_refl</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_iff_refl</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_iff_trans</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">c</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">b</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+                                                            <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_iff_trans</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">#</span><span class="pl-en">c</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">tiff</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_iff_refl</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">step</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_iff_trans</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_true_and_p</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-c1">True</span> <span class="pl-c1">/\</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_true_and_p</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_p_and_true</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_p_and_true</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_false_and_p</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-c1">False</span> <span class="pl-c1">/\</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">False</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_false_and_p</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_p_and_false</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-c1">False</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">False</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_p_and_false</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_true_or_p</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-c1">True</span> <span class="pl-c1">\/</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_true_or_p</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_p_or_true</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_p_or_true</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_false_or_p</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-c1">False</span> <span class="pl-c1">\/</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_false_or_p</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_p_or_false</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-c1">False</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_p_or_false</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_true_imp_p</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-c1">True</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_true_imp_p</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_p_imp_true</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_p_imp_true</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_false_imp_p</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-c1">False</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_false_imp_p</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_fa_true</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_fa_true</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_fa_false</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">False</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">False</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_fa_false</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_ex_false</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">False</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">False</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_ex_false</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_ex_true</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_ex_true</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_neg_false</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(~</span><span class="pl-c1">False</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_neg_false</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_neg_true</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(~</span><span class="pl-c1">True</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">False</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_neg_true</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_true_iff_p</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-c1">True</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_true_iff_p</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_false_iff_p</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-c1">False</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">~</span><span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_false_iff_p</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_p_iff_true</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_p_iff_true</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lem_p_iff_false</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">False</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">~</span><span class="pl-en">p</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lem_p_iff_false</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">and_cong</span> <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">#</span><span class="pl-en">p'</span> <span class="pl-c1">#</span><span class="pl-en">q'</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p'</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                                      <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">q</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">q'</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                                      <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">/\</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">p'</span> <span class="pl-c1">/\</span> <span class="pl-en">q'</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">and_cong</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">#</span><span class="pl-en">p'</span> <span class="pl-c1">#</span><span class="pl-en">q'</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">or_cong</span> <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">#</span><span class="pl-en">p'</span> <span class="pl-c1">#</span><span class="pl-en">q'</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p'</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                                     <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">q</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">q'</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                                     <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">\/</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">p'</span> <span class="pl-c1">\/</span> <span class="pl-en">q'</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">or_cong</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">#</span><span class="pl-en">p'</span> <span class="pl-c1">#</span><span class="pl-en">q'</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">imp_cong</span> <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">#</span><span class="pl-en">p'</span> <span class="pl-c1">#</span><span class="pl-en">q'</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p'</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                                      <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">q</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">q'</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span>
+                                      <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">p'</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">q'</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">imp_cong</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">#</span><span class="pl-en">p'</span> <span class="pl-c1">#</span><span class="pl-en">q'</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fa_cong</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">q</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">fa_cong</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">admit</span><span class="pl-c1">()</span> <span class="pl-c">//fix, this should certainly be provable</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ex_cong</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">q</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-k">exists</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-en">q</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">ex_cong</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">admit</span><span class="pl-c1">()</span> <span class="pl-c">//fix, this should certainly be provable</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">neg_cong</span> <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span><span class="pl-c1">:Type)</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(~</span><span class="pl-en">p</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">~</span><span class="pl-en">q</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">neg_cong</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">iff_cong</span> <span class="pl-c1">(#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">p'</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">#</span><span class="pl-en">q'</span> <span class="pl-c1">:</span> <span class="pl-c1">Type)</span> <span class="pl-c1">:</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">p'</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">q</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">q'</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">p</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">p'</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">q'</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">iff_cong</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">p'</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">#</span><span class="pl-en">q'</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<p>Absolutely hideous, do something about normalization</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_true</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-en">is_true</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+    <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">term_as_formula'</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">True_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+           <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+            <span class="pl-c1">|</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-en">b</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+                <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">term_as_formula'</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+                <span class="pl-c1">|</span> <span class="pl-c1">True_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+                <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span>
+                <span class="pl-k">end</span>
+            <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span>
+            <span class="pl-k">end</span>
+           <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span>
+           <span class="pl-k">end</span>
+    <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">is_false</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool</span>
+<span class="pl-k">let</span> <span class="pl-en">is_false</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+    <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">term_as_formula'</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">False_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+           <span class="pl-c1">|</span> <span class="pl-c1">Tv_App</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+            <span class="pl-c1">|</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-en">b</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span>
+                <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">term_as_formula'</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+                <span class="pl-c1">|</span> <span class="pl-c1">False_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span>
+                <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span>
+                <span class="pl-k">end</span>
+            <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span>
+            <span class="pl-k">end</span>
+           <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span>
+           <span class="pl-k">end</span>
+    <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inhabit</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span>
+<span class="pl-k">let</span> <span class="pl-en">inhabit</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">t</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_ln</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">let</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_fv</span> <span class="pl-en">fv</span> <span class="pl-k">in</span>
+             <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">int_lid</span>  <span class="pl-k">then</span> <span class="pl-en">exact</span> <span class="pl-c1">(`</span><span class="pl-c1">42</span><span class="pl-c1">)</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">bool_lid</span> <span class="pl-k">then</span> <span class="pl-en">exact</span> <span class="pl-c1">(`</span><span class="pl-c1">true</span><span class="pl-c1">)</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">qn</span> <span class="pl-c1">=</span> <span class="pl-en">unit_lid</span> <span class="pl-k">then</span> <span class="pl-en">exact</span> <span class="pl-c1">(`())</span>
+        <span class="pl-k">else</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span><span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">simplify_point</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span>
+<span class="pl-k">val</span> <span class="pl-en">recurse</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">simplify_point</span> <span class="pl-c1">()</span> <span class="pl-c1">=</span></pre></div>
+<p>dump "1 ALIVE";</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">recurse</span> <span class="pl-c1">();</span>
+<span class="pl-en">norm</span> <span class="pl-c1">[];</span>
+<span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-en">term_as_formula</span> <span class="pl-en">g</span> <span class="pl-k">in</span></pre></div>
+<p>print ("1 g = " ^ term_to_string g);</p>
+<p>print ("1 f = " ^ formula_to_string f);</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-k">with</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Iff</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">term_as_formula'</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">And</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+             <span class="pl-k">if</span> <span class="pl-en">is_true</span> <span class="pl-en">p</span>  <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_true_and_p</span><span class="pl-c1">)</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_true</span> <span class="pl-en">q</span>  <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_p_and_true</span><span class="pl-c1">)</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_false</span> <span class="pl-en">p</span> <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_false_and_p</span><span class="pl-c1">)</span>
+        <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_false</span> <span class="pl-en">q</span> <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_p_and_false</span><span class="pl-c1">)</span>
+        <span class="pl-k">else</span> <span class="pl-en">tiff</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Or</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-k">if</span> <span class="pl-en">is_true</span> <span class="pl-en">p</span>  <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_true_or_p</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_true</span> <span class="pl-en">q</span>  <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_p_or_true</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_false</span> <span class="pl-en">p</span> <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_false_or_p</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_false</span> <span class="pl-en">q</span> <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_p_or_false</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-en">tiff</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Implies</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-k">if</span> <span class="pl-en">is_true</span> <span class="pl-en">p</span>  <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_true_imp_p</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_true</span> <span class="pl-en">q</span>  <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_p_imp_true</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_false</span> <span class="pl-en">p</span> <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_false_imp_p</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-en">tiff</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Forall</span> <span class="pl-en">b</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-k">if</span> <span class="pl-en">is_true</span> <span class="pl-en">p</span>  <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_fa_true</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_false</span> <span class="pl-en">p</span> <span class="pl-k">then</span> <span class="pl-en">or_else</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_fa_false</span><span class="pl-c1">);</span> <span class="pl-en">inhabit</span> <span class="pl-c1">())</span> <span class="pl-en">tiff</span>
+    <span class="pl-k">else</span> <span class="pl-en">tiff</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Exists</span> <span class="pl-en">b</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-k">if</span> <span class="pl-en">is_false</span> <span class="pl-en">p</span> <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_ex_false</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_true</span>  <span class="pl-en">p</span> <span class="pl-k">then</span> <span class="pl-en">or_else</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_ex_true</span><span class="pl-c1">);</span> <span class="pl-en">inhabit</span> <span class="pl-c1">())</span> <span class="pl-en">tiff</span>
+    <span class="pl-k">else</span> <span class="pl-en">tiff</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Not</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span>
+         <span class="pl-k">if</span> <span class="pl-en">is_true</span> <span class="pl-en">p</span>  <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_neg_true</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_false</span> <span class="pl-en">p</span> <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_neg_false</span><span class="pl-c1">)</span>
+    <span class="pl-k">else</span> <span class="pl-en">tiff</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Iff</span> <span class="pl-en">p</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span></pre></div>
+<p>After applying the lemma, we might still have more simpl to do,
+so add an intermediate step.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">step</span> <span class="pl-c1">();</span>
+     <span class="pl-k">if</span> <span class="pl-en">is_true</span> <span class="pl-en">p</span>  <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_true_iff_p</span><span class="pl-c1">)</span>
+<span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_true</span> <span class="pl-en">q</span>  <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_p_iff_true</span><span class="pl-c1">)</span>
+<span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_false</span> <span class="pl-en">p</span> <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_false_iff_p</span><span class="pl-c1">)</span>
+<span class="pl-k">else</span> <span class="pl-k">if</span> <span class="pl-en">is_false</span> <span class="pl-en">q</span> <span class="pl-k">then</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">lem_p_iff_false</span><span class="pl-c1">)</span>
+<span class="pl-k">else</span> <span class="pl-en">tiff</span> <span class="pl-c1">();</span>
+<span class="pl-en">simplify_point</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre>    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tiff</span> <span class="pl-c1">()</span>
+    <span class="pl-en">end</span>
+<span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>simplify_point: failed precondition: goal should be `g &lt;==&gt; ?u`<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">and</span> <span class="pl-en">recurse</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span></pre></div>
+<p>dump "2 ALIVE";</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">step</span> <span class="pl-c1">();</span>
+<span class="pl-en">norm</span> <span class="pl-c1">[];</span>
+<span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-en">term_as_formula</span> <span class="pl-en">g</span> <span class="pl-k">in</span></pre></div>
+<p>print ("2 g = " ^ term_to_string g);</p>
+<p>print ("2 f = " ^ formula_to_string f);</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-k">with</span>
+<span class="pl-c1">|</span> <span class="pl-c1">Iff</span> <span class="pl-en">l</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">term_as_formula'</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">And</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">and_cong</span><span class="pl-c1">))</span> <span class="pl-en">simplify_point</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Or</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">or_cong</span><span class="pl-c1">))</span> <span class="pl-en">simplify_point</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Implies</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">imp_cong</span><span class="pl-c1">))</span> <span class="pl-en">simplify_point</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Forall</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">fa_cong</span><span class="pl-c1">);</span>
+    <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">simplify_point</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Exists</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">ex_cong</span><span class="pl-c1">);</span>
+    <span class="pl-k">let</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">intro</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-en">simplify_point</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Not</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">neg_cong</span><span class="pl-c1">);</span>
+    <span class="pl-en">simplify_point</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">|</span> <span class="pl-c1">Iff</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">seq</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">iff_cong</span><span class="pl-c1">))</span> <span class="pl-en">simplify_point</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre>    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tiff</span> <span class="pl-c1">()</span>
+    <span class="pl-en">end</span>
+<span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>recurse: failed precondition: goal should be `g &lt;==&gt; ?u`<span class="pl-pds">"</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">equiv</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">p</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">q</span><span class="pl-c1">:Type</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">q</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-en">q</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-en">p</span>
+<span class="pl-k">let</span> <span class="pl-en">equiv</span> <span class="pl-c1">#</span><span class="pl-en">p</span> <span class="pl-c1">#</span><span class="pl-en">q</span> <span class="pl-c1">_</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">simplify</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">apply_lemma</span> <span class="pl-c1">(`</span><span class="pl-en">equiv</span><span class="pl-c1">);</span>
+    <span class="pl-en">simplify_point</span> <span class="pl-c1">()</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.SyntaxHelpers.html b/docs/FStar.Tactics.SyntaxHelpers.html
index c57107e..b116e31 100644
--- a/docs/FStar.Tactics.SyntaxHelpers.html
+++ b/docs/FStar.Tactics.SyntaxHelpers.html
@@ -1,16 +1,77 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.SyntaxHelpers</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.syntaxhelpers">module FStar.Tactics.SyntaxHelpers</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartacticssyntaxhelpers" class="anchor" href="#fstartacticssyntaxhelpers" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.SyntaxHelpers</h1>
+<ul>
+<li>Opens module <a href="FStar.Reflection.html">FStar.Reflection</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Effect.html">FStar.Tactics.Effect</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Builtins.html">FStar.Tactics.Builtins</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.Types.html">FStar.Tactics.Types</a>
+</li>
+</ul>
+<p>These are fully-named variants of functions found in FStar.Reflection</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">collect_arr'</span> <span class="pl-c1">(</span><span class="pl-en">bs</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">c</span> <span class="pl-c1">:</span> <span class="pl-en">comp</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">binder</span> * <span class="pl-en">comp</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">inspect_comp</span> <span class="pl-en">c</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">C_Total</span> <span class="pl-en">t</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-k">begin</span> <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">Tv_Arrow</span> <span class="pl-en">b</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-en">collect_arr'</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">::</span><span class="pl-en">bs</span><span class="pl-c1">)</span> <span class="pl-en">c</span>
+        <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span>
+            <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+        <span class="pl-k">end</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">c</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect_arr_bs</span> <span class="pl-c1">:</span> <span class="pl-en">typ</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">binder</span> * <span class="pl-en">comp</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">collect_arr_bs</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">collect_arr'</span> <span class="pl-c1">[]</span> <span class="pl-c1">(</span><span class="pl-en">pack_comp</span> <span class="pl-c1">(</span><span class="pl-c1">C_Total</span> <span class="pl-en">t</span> <span class="pl-c1">[]))</span> <span class="pl-k">in</span>
+    <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">rev</span> <span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect_arr</span> <span class="pl-c1">:</span> <span class="pl-en">typ</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">typ</span> * <span class="pl-en">comp</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">collect_arr</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">c</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">collect_arr'</span> <span class="pl-c1">[]</span> <span class="pl-c1">(</span><span class="pl-en">pack_comp</span> <span class="pl-c1">(</span><span class="pl-c1">C_Total</span> <span class="pl-en">t</span> <span class="pl-c1">[]))</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">ts</span> <span class="pl-c1">=</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">map</span> <span class="pl-en">type_of_binder</span> <span class="pl-en">bs</span> <span class="pl-k">in</span>
+    <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">rev</span> <span class="pl-en">ts</span><span class="pl-c1">,</span> <span class="pl-en">c</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">collect_abs'</span> <span class="pl-c1">(</span><span class="pl-en">bs</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">binder</span> * <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect</span> <span class="pl-en">t</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Tv_Abs</span> <span class="pl-en">b</span> <span class="pl-en">t'</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">collect_abs'</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">::</span><span class="pl-en">bs</span><span class="pl-c1">)</span> <span class="pl-en">t'</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">t</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">collect_abs</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-en">binder</span> * <span class="pl-en">term</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">collect_abs</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">t'</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">collect_abs'</span> <span class="pl-c1">[]</span> <span class="pl-en">t</span> <span class="pl-k">in</span>
+    <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">rev</span> <span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">t'</span><span class="pl-c1">)</span></pre></div>
+<p>Copied from FStar.Tactics.Derived</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-en">fail</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:string)</span> <span class="pl-c1">=</span> <span class="pl-en">raise</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-c1">TacticFailure</span> <span class="pl-en">m</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mk_arr</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">cod</span> <span class="pl-c1">:</span> <span class="pl-en">comp</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">bs</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>mk_arr, empty binders<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-en">b</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Arrow</span> <span class="pl-en">b</span> <span class="pl-en">cod</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">::</span><span class="pl-en">bs</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Arrow</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">pack_comp</span> <span class="pl-c1">(</span><span class="pl-c1">C_Total</span> <span class="pl-c1">(</span><span class="pl-en">mk_arr</span> <span class="pl-en">bs</span> <span class="pl-en">cod</span><span class="pl-c1">)</span> <span class="pl-c1">[])))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mk_tot_arr</span> <span class="pl-c1">(</span><span class="pl-en">bs</span><span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">cod</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">bs</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">cod</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">::</span><span class="pl-en">bs</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Arrow</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">pack_comp</span> <span class="pl-c1">(</span><span class="pl-c1">C_Total</span> <span class="pl-c1">(</span><span class="pl-en">mk_tot_arr</span> <span class="pl-en">bs</span> <span class="pl-en">cod</span><span class="pl-c1">)</span> <span class="pl-c1">[])))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lookup_lb_view</span> <span class="pl-c1">(</span><span class="pl-en">lbs</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">letbinding</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">nm</span><span class="pl-c1">:</span><span class="pl-en">name</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">lb_view</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">o</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.List.Tot.Base.</span><span class="pl-en">find</span>
+             <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">lb</span> <span class="pl-c1">-&gt;</span>
+              <span class="pl-k">let</span> <span class="pl-en">lbv</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_lb</span> <span class="pl-en">lb</span> <span class="pl-k">in</span>
+              <span class="pl-c1">(</span><span class="pl-en">inspect_fv</span> <span class="pl-en">lbv</span><span class="pl-c1">.</span><span class="pl-en">lb_fv</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">nm</span><span class="pl-c1">)</span>
+             <span class="pl-en">lbs</span>
+  <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">o</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">lb</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">inspect_lb</span> <span class="pl-en">lb</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>lookup_lb_view: Name not in let group<span class="pl-pds">"</span></span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.Typeclasses.html b/docs/FStar.Tactics.Typeclasses.html
index 6627b67..f9fc60c 100644
--- a/docs/FStar.Tactics.Typeclasses.html
+++ b/docs/FStar.Tactics.Typeclasses.html
@@ -1,54 +1,145 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.Typeclasses</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.typeclasses">module FStar.Tactics.Typeclasses</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">** Generating methods from a <span class="kw">class</span> ***</code></pre></div>
+<h1>
+<a id="user-content-fstartacticstypeclasses" class="anchor" href="#fstartacticstypeclasses" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.Typeclasses</h1>
+<ul>
+<li>Opens module <a href="FStar.List.Tot.html">FStar.List.Tot</a>
+</li>
+<li>Opens module <a href="FStar.Tactics.html">FStar.Tactics</a>
+</li>
+<li>Aliases module <a href="FStar.Tactics.html"> FStar.Tactics</a> as <code>T </code>
+TODO: This must be in the FStar.Tactics.* namespace or we fail to build</li>
+<li>fstarlib. That seems silly, but I forget the details of the library split.</li>
+</ul>
+<p>The attribute that marks instances</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">irreducible</span>
+<span class="pl-k">let</span> <span class="pl-en">tcinstance</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">first</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-c1">:</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'b</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>no cands<span class="pl-pds">"</span></span>
+    <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xs</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">or_else</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">first</span> <span class="pl-en">f</span> <span class="pl-en">xs</span><span class="pl-c1">)</span></pre></div>
+<p>TODO: memoization?. And better errors.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">tcresolve'</span> <span class="pl-c1">(</span><span class="pl-en">seen</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">fuel</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">if</span> <span class="pl-en">fuel</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span>
+        <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>out of fuel<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+    <span class="pl-en">debug</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>fuel = <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">string_of_int</span> <span class="pl-en">fuel</span><span class="pl-c1">);</span>
+    <span class="pl-k">let</span> <span class="pl-en">g</span> <span class="pl-c1">=</span> <span class="pl-en">cur_goal</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+    <span class="pl-k">if</span> <span class="pl-smi">FStar.List.Tot.Base.</span><span class="pl-en">existsb</span> <span class="pl-c1">(</span><span class="pl-en">term_eq</span> <span class="pl-en">g</span><span class="pl-c1">)</span> <span class="pl-en">seen</span> <span class="pl-k">then</span>
+      <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>loop<span class="pl-pds">"</span></span><span class="pl-c1">;</span>
+    <span class="pl-k">let</span> <span class="pl-en">seen</span> <span class="pl-c1">=</span> <span class="pl-en">g</span> <span class="pl-c1">::</span> <span class="pl-en">seen</span> <span class="pl-k">in</span>
+    <span class="pl-en">local</span> <span class="pl-en">seen</span> <span class="pl-en">fuel</span> <span class="pl-c1">`</span><span class="pl-en">or_else</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">global</span> <span class="pl-en">seen</span> <span class="pl-en">fuel</span> <span class="pl-c1">`</span><span class="pl-en">or_else</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>could not solve constraint: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">g</span><span class="pl-c1">)))</span>
+<span class="pl-k">and</span> <span class="pl-en">local</span> <span class="pl-c1">(</span><span class="pl-en">seen</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">fuel</span><span class="pl-c1">:int)</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">bs</span> <span class="pl-c1">=</span> <span class="pl-en">binders_of_env</span> <span class="pl-c1">(</span><span class="pl-en">cur_env</span> <span class="pl-c1">())</span> <span class="pl-k">in</span>
+    <span class="pl-en">first</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">trywith</span> <span class="pl-en">seen</span> <span class="pl-en">fuel</span> <span class="pl-c1">(</span><span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Var</span> <span class="pl-c1">(</span><span class="pl-en">bv_of_binder</span> <span class="pl-en">b</span><span class="pl-c1">))))</span> <span class="pl-en">bs</span>
+<span class="pl-k">and</span> <span class="pl-en">global</span> <span class="pl-c1">(</span><span class="pl-en">seen</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">fuel</span><span class="pl-c1">:int)</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">cands</span> <span class="pl-c1">=</span> <span class="pl-en">lookup_attr</span> <span class="pl-c1">(`</span><span class="pl-en">tcinstance</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">cur_env</span> <span class="pl-c1">())</span> <span class="pl-k">in</span>
+    <span class="pl-en">first</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">fv</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">trywith</span> <span class="pl-en">seen</span> <span class="pl-en">fuel</span> <span class="pl-c1">(</span><span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-en">fv</span><span class="pl-c1">)))</span> <span class="pl-en">cands</span>
+<span class="pl-k">and</span> <span class="pl-en">trywith</span> <span class="pl-c1">(</span><span class="pl-en">seen</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">fuel</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">t</span><span class="pl-c1">:</span><span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-en">debug</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>Trying to apply hypothesis/instance: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">term_to_string</span> <span class="pl-en">t</span><span class="pl-c1">);</span>
+    <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">apply_noinst</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">`</span><span class="pl-en">seq</span><span class="pl-c1">`</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">()</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tcresolve'</span> <span class="pl-en">seen</span> <span class="pl-c1">(</span><span class="pl-en">fuel</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">plugin</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">tcresolve</span> <span class="pl-c1">()</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span> <span class="pl-c1">=</span>
+    <span class="pl-k">try</span> <span class="pl-en">tcresolve'</span> <span class="pl-c1">[]</span> <span class="pl-c1">16</span>
+    <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">TacticFailure</span> <span class="pl-en">s</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-c1">(</span><span class="pl-s"><span class="pl-pds">"</span>Typeclass resolution failed: <span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-en">e</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">raise</span> <span class="pl-en">e</span></pre></div>
+<p>Solve an explicit argument by typeclass resolution</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">solve</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#[</span><span class="pl-en">tcresolve</span> <span class="pl-c1">()]</span> <span class="pl-en">ev</span> <span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">ev</span></pre></div>
+<h2>
+<a id="user-content-generating-methods-from-a-class-" class="anchor" href="#generating-methods-from-a-class-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Generating methods from a class ***</h2>
+<p>In TAC, not Tot</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">mk_abs</span> <span class="pl-c1">(</span><span class="pl-en">bs</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-en">binder</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">body</span> <span class="pl-c1">:</span> <span class="pl-en">term</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">term</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">bs</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-k">match</span> <span class="pl-en">bs</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">body</span>
+    <span class="pl-c1">|</span> <span class="pl-en">b</span><span class="pl-c1">::</span><span class="pl-en">bs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_Abs</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">mk_abs</span> <span class="pl-en">bs</span> <span class="pl-en">body</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">last</span> <span class="pl-c1">(</span><span class="pl-en">l</span> <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>last: empty list<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[</span><span class="pl-en">x</span><span class="pl-c1">]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">_</span><span class="pl-c1">::</span><span class="pl-en">xs</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">last</span> <span class="pl-en">xs</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-en">plugin</span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">mk_class</span> <span class="pl-c1">(</span><span class="pl-en">nm</span><span class="pl-c1">:string)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-en">decls</span> <span class="pl-c1">=</span>
+    <span class="pl-k">let</span> <span class="pl-en">ns</span> <span class="pl-c1">=</span> <span class="pl-en">explode_qn</span> <span class="pl-en">nm</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">lookup_typ</span> <span class="pl-c1">(</span><span class="pl-en">top_env</span> <span class="pl-c1">())</span> <span class="pl-en">ns</span> <span class="pl-k">in</span>
+    <span class="pl-en">guard</span> <span class="pl-c1">(</span><span class="pl-c1">Some</span><span class="pl-c1">?</span> <span class="pl-en">r</span><span class="pl-c1">);</span>
+    <span class="pl-k">let</span> <span class="pl-c1">Some</span> <span class="pl-en">se</span> <span class="pl-c1">=</span> <span class="pl-en">r</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">to_propagate</span> <span class="pl-c1">=</span> <span class="pl-smi">List.Tot.</span><span class="pl-en">filter</span> <span class="pl-c1">(</span><span class="pl-k">function</span> <span class="pl-c1">Inline_for_extraction</span> <span class="pl-c1">|</span> <span class="pl-c1">NoExtract</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">true</span> <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">false</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">sigelt_quals</span> <span class="pl-en">se</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">sv</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_sigelt</span> <span class="pl-en">se</span> <span class="pl-k">in</span>
+    <span class="pl-en">guard</span> <span class="pl-c1">(</span><span class="pl-c1">Sg_Inductive</span><span class="pl-c1">?</span> <span class="pl-en">sv</span><span class="pl-c1">);</span>
+    <span class="pl-k">let</span> <span class="pl-c1">Sg_Inductive</span> <span class="pl-en">name</span> <span class="pl-en">us</span> <span class="pl-en">params</span> <span class="pl-en">ty</span> <span class="pl-en">ctors</span> <span class="pl-c1">=</span> <span class="pl-en">sv</span> <span class="pl-k">in</span></pre></div>
+<p>dump ("got it, name = " ^ implode_qn name);</p>
+<p>dump ("got it, ty = " ^ term_to_string ty);</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ctor_name</span> <span class="pl-c1">=</span> <span class="pl-en">last</span> <span class="pl-en">name</span> <span class="pl-k">in</span></pre></div>
+<p>Must have a single constructor
+dump ("got ctor " ^ implode_qn c_name ^ " of type " ^ term_to_string ty);</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-en">guard</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">length</span> <span class="pl-en">ctors</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">);</span>
+<span class="pl-k">let</span> <span class="pl-c1">[(</span><span class="pl-en">c_name</span><span class="pl-c1">,</span> <span class="pl-en">ty</span><span class="pl-c1">)]</span> <span class="pl-c1">=</span> <span class="pl-en">ctors</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">cod</span> <span class="pl-c1">=</span> <span class="pl-en">collect_arr_bs</span> <span class="pl-en">ty</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">r</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_comp</span> <span class="pl-en">cod</span> <span class="pl-k">in</span>
+<span class="pl-en">guard</span> <span class="pl-c1">(</span><span class="pl-c1">C_Total</span><span class="pl-c1">?</span> <span class="pl-en">r</span><span class="pl-c1">);</span>
+<span class="pl-k">let</span> <span class="pl-c1">C_Total</span> <span class="pl-en">cod</span> <span class="pl-c1">_</span> <span class="pl-c1">=</span> <span class="pl-en">r</span> <span class="pl-k">in</span> <span class="pl-c"><span class="pl-c">(*</span> must be total <span class="pl-c">*)</span></span></pre></div>
+<p>print ("n_univs = " ^ string_of_int (List.Tot.Base.length us));</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">base</span> <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">=</span> <span class="pl-s"><span class="pl-pds">"</span>__proj__Mk<span class="pl-pds">"</span></span> <span class="pl-c1">^</span> <span class="pl-en">ctor_name</span> <span class="pl-c1">^</span> <span class="pl-s"><span class="pl-pds">"</span>__item__<span class="pl-pds">"</span></span> <span class="pl-k">in</span></pre></div>
+<p>Make a sigelt for each method</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-smi">T.</span><span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span></pre></div>
+<p>dump ("b = " ^ term_to_string (type_of_binder b));</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">name_of_binder</span> <span class="pl-en">b</span> <span class="pl-k">in</span></pre></div>
+<p>dump ("b = " ^ s);</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ns</span> <span class="pl-c1">=</span> <span class="pl-en">cur_module</span> <span class="pl-c1">()</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">sfv</span> <span class="pl-c1">=</span> <span class="pl-en">pack_fv</span> <span class="pl-c1">(</span><span class="pl-en">ns</span> @ <span class="pl-c1">[</span><span class="pl-en">s</span><span class="pl-c1">])</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">dbv</span> <span class="pl-c1">=</span> <span class="pl-en">fresh_bv_named</span> <span class="pl-s"><span class="pl-pds">"</span>d<span class="pl-pds">"</span></span> <span class="pl-en">cod</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">tcr</span> <span class="pl-c1">=</span> <span class="pl-c1">(`</span><span class="pl-en">tcresolve</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">tcdict</span> <span class="pl-c1">=</span> <span class="pl-en">pack_binder</span> <span class="pl-en">dbv</span> <span class="pl-c1">(</span><span class="pl-c1">Q_Meta</span> <span class="pl-en">tcr</span><span class="pl-c1">)</span> <span class="pl-c1">[]</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">proj_name</span> <span class="pl-c1">=</span> <span class="pl-en">cur_module</span> <span class="pl-c1">()</span> @ <span class="pl-c1">[</span><span class="pl-en">base</span> <span class="pl-c1">^</span> <span class="pl-en">s</span><span class="pl-c1">]</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">proj</span> <span class="pl-c1">=</span> <span class="pl-en">pack</span> <span class="pl-c1">(</span><span class="pl-c1">Tv_FVar</span> <span class="pl-c1">(</span><span class="pl-en">pack_fv</span> <span class="pl-en">proj_name</span><span class="pl-c1">))</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">proj_ty</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">lookup_typ</span> <span class="pl-c1">(</span><span class="pl-en">top_env</span> <span class="pl-c1">())</span> <span class="pl-en">proj_name</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>mk_class: proj not found?<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">se</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-k">match</span> <span class="pl-en">inspect_sigelt</span> <span class="pl-en">se</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Sg_Let</span> <span class="pl-c1">_</span> <span class="pl-en">lbs</span> <span class="pl-c1">-&gt;</span>  <span class="pl-k">begin</span>
+      <span class="pl-k">let</span> <span class="pl-c1">({</span><span class="pl-en">lb_fv</span><span class="pl-c1">=</span><span class="pl-c1">_</span><span class="pl-c1">;</span><span class="pl-en">lb_us</span><span class="pl-c1">=</span><span class="pl-c1">_</span><span class="pl-c1">;</span><span class="pl-en">lb_typ</span><span class="pl-c1">=</span><span class="pl-en">typ</span><span class="pl-c1">;</span><span class="pl-en">lb_def</span><span class="pl-c1">=</span><span class="pl-c1">_</span><span class="pl-c1">})</span> <span class="pl-c1">=</span>
+        <span class="pl-en">lookup_lb_view</span> <span class="pl-en">lbs</span> <span class="pl-en">proj_name</span> <span class="pl-k">in</span> <span class="pl-en">typ</span>
+      <span class="pl-k">end</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>mk_class: proj not Sg_Let?<span class="pl-pds">"</span></span>
+<span class="pl-k">in</span></pre></div>
+<p>dump ("proj_ty = " ^ term_to_string proj_ty);</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ty</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">bs</span><span class="pl-c1">,</span> <span class="pl-en">cod</span> <span class="pl-c1">=</span> <span class="pl-en">collect_arr_bs</span> <span class="pl-en">proj_ty</span> <span class="pl-k">in</span>
+  <span class="pl-k">let</span> <span class="pl-en">ps</span><span class="pl-c1">,</span> <span class="pl-en">bs</span> <span class="pl-c1">=</span> <span class="pl-smi">List.Tot.Base.</span><span class="pl-en">splitAt</span> <span class="pl-c1">(</span><span class="pl-smi">List.Tot.Base.</span><span class="pl-en">length</span> <span class="pl-en">params</span><span class="pl-c1">)</span> <span class="pl-en">bs</span> <span class="pl-k">in</span>
+  <span class="pl-k">match</span> <span class="pl-en">bs</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fail</span> <span class="pl-s"><span class="pl-pds">"</span>mk_class: impossible, no binders<span class="pl-pds">"</span></span>
+  <span class="pl-c1">|</span> <span class="pl-en">b1</span><span class="pl-c1">::</span><span class="pl-en">bs'</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">let</span> <span class="pl-c1">(</span><span class="pl-en">bv</span><span class="pl-c1">,</span> <span class="pl-en">aq</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_binder</span> <span class="pl-en">b1</span> <span class="pl-k">in</span>
+      <span class="pl-k">let</span> <span class="pl-en">b1</span> <span class="pl-c1">=</span> <span class="pl-en">pack_binder</span> <span class="pl-en">bv</span> <span class="pl-c1">(</span><span class="pl-c1">Q_Meta</span> <span class="pl-en">tcr</span><span class="pl-c1">)</span> <span class="pl-c1">[]</span> <span class="pl-k">in</span>
+      <span class="pl-en">mk_arr</span> <span class="pl-c1">(</span><span class="pl-en">ps</span>@<span class="pl-c1">(</span><span class="pl-en">b1</span><span class="pl-c1">::</span><span class="pl-en">bs'</span><span class="pl-c1">))</span> <span class="pl-en">cod</span>
+<span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">def</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span>
+  <span class="pl-k">let</span> <span class="pl-en">bs</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">map</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">binder_set_qual</span> <span class="pl-c1">Q_Implicit</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">params</span><span class="pl-c1">)</span>
+                  @ <span class="pl-c1">[</span><span class="pl-en">tcdict</span><span class="pl-c1">]</span> <span class="pl-k">in</span>
+  <span class="pl-en">mk_abs</span> <span class="pl-en">bs</span> <span class="pl-c1">(</span><span class="pl-en">mk_e_app</span> <span class="pl-en">proj</span> <span class="pl-c1">[</span><span class="pl-en">binder_to_term</span> <span class="pl-en">tcdict</span><span class="pl-c1">])</span>
+<span class="pl-k">in</span></pre></div>
+<p>dump ("def = " ^ term_to_string def);
+dump ("ty  = " ^ term_to_string ty);</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ty</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span> <span class="pl-en">ty</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">def</span> <span class="pl-c1">:</span> <span class="pl-en">term</span> <span class="pl-c1">=</span> <span class="pl-en">def</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">sfv</span> <span class="pl-c1">:</span> <span class="pl-en">fv</span> <span class="pl-c1">=</span> <span class="pl-en">sfv</span> <span class="pl-k">in</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lbv</span> <span class="pl-c1">=</span> <span class="pl-c1">{</span><span class="pl-en">lb_fv</span><span class="pl-c1">=</span><span class="pl-en">sfv</span><span class="pl-c1">;</span><span class="pl-en">lb_us</span><span class="pl-c1">=</span><span class="pl-en">us</span><span class="pl-c1">;</span><span class="pl-en">lb_typ</span><span class="pl-c1">=</span><span class="pl-en">ty</span><span class="pl-c1">;</span><span class="pl-en">lb_def</span><span class="pl-c1">=</span><span class="pl-en">def</span><span class="pl-c1">}</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">lb</span> <span class="pl-c1">=</span> <span class="pl-en">pack_lb</span> <span class="pl-en">lbv</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">se</span> <span class="pl-c1">=</span> <span class="pl-en">pack_sigelt</span> <span class="pl-c1">(</span><span class="pl-c1">Sg_Let</span> <span class="pl-c1">false</span> <span class="pl-c1">[</span><span class="pl-en">lb</span><span class="pl-c1">])</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">se</span> <span class="pl-c1">=</span> <span class="pl-en">set_sigelt_quals</span> <span class="pl-en">to_propagate</span> <span class="pl-en">se</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-c1">(</span><span class="pl-c1">_</span><span class="pl-c1">,</span> <span class="pl-en">attrs</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">inspect_binder</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+<span class="pl-k">let</span> <span class="pl-en">se</span> <span class="pl-c1">=</span> <span class="pl-en">set_sigelt_attrs</span> <span class="pl-en">attrs</span> <span class="pl-en">se</span> <span class="pl-k">in</span></pre></div>
+<p>dump ("trying to return : " ^ term_to_string (quote se));</p>
+<div class="highlight highlight-source-fstar"><pre>              <span class="pl-en">se</span>
+<span class="pl-c1">)</span> <span class="pl-en">bs</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.Types.html b/docs/FStar.Tactics.Types.html
index fb0eb0c..1dd0789 100644
--- a/docs/FStar.Tactics.Types.html
+++ b/docs/FStar.Tactics.Types.html
@@ -1,16 +1,51 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.Types</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.types">module FStar.Tactics.Types</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartacticstypes" class="anchor" href="#fstartacticstypes" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.Types</h1>
+<ul>
+<li>Opens module <a href="FStar.Reflection.Types.html">FStar.Reflection.Types</a>
+</li>
+<li>Includes module <a href="FStar.Tactics.Common.html">FStar.Tactics.Common</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">proofstate</span>
+<span class="pl-k">assume</span> <span class="pl-k">new</span> <span class="pl-k">type</span> <span class="pl-en">goal</span></pre></div>
+<p>Returns the active goals</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">goals_of</span>     <span class="pl-c1">:</span> <span class="pl-en">proofstate</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">goal</span></pre></div>
+<p>Returns the goals marked for SMT</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">smt_goals_of</span> <span class="pl-c1">:</span> <span class="pl-en">proofstate</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">goal</span></pre></div>
+<p>Inspecting a goal</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">goal_env</span>     <span class="pl-c1">:</span> <span class="pl-en">goal</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">env</span>
+<span class="pl-k">val</span> <span class="pl-en">goal_type</span>    <span class="pl-c1">:</span> <span class="pl-en">goal</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">typ</span>
+<span class="pl-k">val</span> <span class="pl-en">goal_witness</span> <span class="pl-c1">:</span> <span class="pl-en">goal</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">term</span>
+<span class="pl-k">val</span> <span class="pl-en">is_guard</span>     <span class="pl-c1">:</span> <span class="pl-en">goal</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">bool</span> <span class="pl-c"><span class="pl-c">(*</span> A bit of helper info: did this goal come from a VC guard? <span class="pl-c">*)</span></span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">get_label</span>    <span class="pl-c1">:</span> <span class="pl-en">goal</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span>
+<span class="pl-k">val</span> <span class="pl-en">set_label</span>    <span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">goal</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">goal</span></pre></div>
+<p>Tracing</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">incr_depth</span> <span class="pl-c1">:</span> <span class="pl-en">proofstate</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">proofstate</span>
+<span class="pl-k">val</span> <span class="pl-en">decr_depth</span> <span class="pl-c1">:</span> <span class="pl-en">proofstate</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">proofstate</span></pre></div>
+<p><code>tracepoint</code> always returns true. We do not use unit to prevent
+erasure.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tracepoint</span> <span class="pl-c1">:</span> <span class="pl-en">proofstate</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:bool{</span><span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span><span class="pl-c1">}</span>
+<span class="pl-k">val</span> <span class="pl-en">set_proofstate_range</span> <span class="pl-c1">:</span> <span class="pl-en">proofstate</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.Range.</span><span class="pl-en">range</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">proofstate</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">direction</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">TopDown</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">BottomUp</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">ctrl_flag</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Continue</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Skip</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Abort</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">guard_policy</span> <span class="pl-c1">=</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">SMT</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Goal</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Force</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">Drop</span> <span class="pl-c">// unsound! careful!</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.Util.html b/docs/FStar.Tactics.Util.html
index d06c650..317d6d7 100644
--- a/docs/FStar.Tactics.Util.html
+++ b/docs/FStar.Tactics.Util.html
@@ -1,16 +1,102 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics.Util</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics.util">module FStar.Tactics.Util</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartacticsutil" class="anchor" href="#fstartacticsutil" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics.Util</h1>
+<ul>
+<li>Opens module <a href="FStar.Tactics.Effect.html">FStar.Tactics.Effect</a>
+</li>
+<li>Opens module <a href="FStar.List.Tot.html">FStar.List.Tot</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--z3rlimit 25 --fuel 0 --ifuel 0</span>"</pre></div>
+<p>Tac list functions, since there's no effect polymorphism</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">map</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--ifuel 1<span class="pl-pds">"</span></span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">map</span> <span class="pl-en">f</span> <span class="pl-en">tl</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">__mapi</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--ifuel 1<span class="pl-pds">"</span></span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">__mapi</span> <span class="pl-en">i</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">i</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">__mapi</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">f</span> <span class="pl-en">tl</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mapi</span><span class="pl-c1">:</span> <span class="pl-c1">(nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">mapi</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">__mapi</span> <span class="pl-c1">0</span> <span class="pl-en">f</span> <span class="pl-en">l</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">iter</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span>
+<span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--ifuel 1<span class="pl-pds">"</span></span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">iter</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">a</span><span class="pl-c1">;</span> <span class="pl-en">iter</span> <span class="pl-en">f</span> <span class="pl-en">tl</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">iteri_aux</span><span class="pl-c1">:</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(int</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span>
+<span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--ifuel 1<span class="pl-pds">"</span></span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">iteri_aux</span> <span class="pl-en">i</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">()</span>
+  <span class="pl-c1">|</span> <span class="pl-en">a</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">i</span> <span class="pl-en">a</span><span class="pl-c1">;</span> <span class="pl-en">iteri_aux</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">f</span> <span class="pl-en">tl</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">iteri</span><span class="pl-c1">:</span> <span class="pl-c1">(int</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">unit</span>
+<span class="pl-k">let</span> <span class="pl-en">iteri</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">iteri_aux</span> <span class="pl-c1">0</span> <span class="pl-en">f</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fold_left</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'a</span>
+<span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--ifuel 1<span class="pl-pds">"</span></span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold_left</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fold_left</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-en">hd</span><span class="pl-c1">)</span> <span class="pl-en">tl</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">fold_right</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">'b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'b</span>
+<span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--ifuel 1<span class="pl-pds">"</span></span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fold_right</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-c1">(</span><span class="pl-en">fold_right</span> <span class="pl-en">f</span> <span class="pl-en">tl</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<p>There's no unconditionally total zip like this in Tot.Base, why? Anyway use this</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zip</span> <span class="pl-c1">:</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+<span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--ifuel 1<span class="pl-pds">"</span></span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">zip</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l1</span><span class="pl-c1">,</span> <span class="pl-en">l2</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-en">x</span><span class="pl-c1">::</span><span class="pl-en">xs</span><span class="pl-c1">,</span> <span class="pl-en">y</span><span class="pl-c1">::</span><span class="pl-en">ys</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">,</span><span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">::</span> <span class="pl-c1">(</span><span class="pl-en">zip</span> <span class="pl-en">xs</span> <span class="pl-en">ys</span><span class="pl-c1">)</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">filter</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">bool)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+<span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--ifuel 1<span class="pl-pds">"</span></span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">filter</span> <span class="pl-en">f</span> <span class="pl-c1">=</span> <span class="pl-k">function</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">[]</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">if</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">then</span> <span class="pl-en">hd</span><span class="pl-c1">::(</span><span class="pl-en">filter</span> <span class="pl-en">f</span> <span class="pl-en">tl</span><span class="pl-c1">)</span> <span class="pl-k">else</span> <span class="pl-en">filter</span> <span class="pl-en">f</span> <span class="pl-en">tl</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--ifuel 1<span class="pl-pds">"</span></span>
+<span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">filter_map_acc</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">acc</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-en">rev</span> <span class="pl-en">acc</span>
+  <span class="pl-c1">|</span> <span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+      <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">with</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">hd</span> <span class="pl-c1">-&gt;</span>
+          <span class="pl-en">filter_map_acc</span> <span class="pl-en">f</span> <span class="pl-c1">(</span><span class="pl-en">hd</span> <span class="pl-c1">::</span> <span class="pl-en">acc</span><span class="pl-c1">)</span> <span class="pl-en">tl</span>
+      <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span>
+          <span class="pl-en">filter_map_acc</span> <span class="pl-en">f</span> <span class="pl-en">acc</span> <span class="pl-en">tl</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">filter_map</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">list</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">list</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">filter_map_acc</span> <span class="pl-en">f</span> <span class="pl-c1">[]</span> <span class="pl-en">l</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">tryPick</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">))</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">list</span> <span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span>
+<span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--ifuel 1<span class="pl-pds">"</span></span>
+<span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">tryPick</span> <span class="pl-en">f</span> <span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">l</span> <span class="pl-k">with</span>
+    <span class="pl-c1">|</span> <span class="pl-c1">[]</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+    <span class="pl-c1">|</span> <span class="pl-en">hd</span><span class="pl-c1">::</span><span class="pl-en">tl</span> <span class="pl-c1">-&gt;</span>
+       <span class="pl-k">match</span> <span class="pl-en">f</span> <span class="pl-en">hd</span> <span class="pl-k">with</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span>
+         <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tryPick</span> <span class="pl-en">f</span> <span class="pl-en">tl</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">map_opt</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-smi">'a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tac</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">option</span> <span class="pl-smi">'a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tac</span> <span class="pl-c1">(</span><span class="pl-en">option</span> <span class="pl-smi">'b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">None</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">None</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Some</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Some</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Tactics.html b/docs/FStar.Tactics.html
index 07ae95b..e62b163 100644
--- a/docs/FStar.Tactics.html
+++ b/docs/FStar.Tactics.html
@@ -1,16 +1,58 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tactics</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tactics">module FStar.Tactics</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartactics" class="anchor" href="#fstartactics" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tactics</h1>
+<p>I don't expect many uses of tactics without syntax handling</p>
+<ul>
+<li>
+<p>Includes module <a href="FStar.Reflection.Types.html">FStar.Reflection.Types</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Reflection.Data.html">FStar.Reflection.Data</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Reflection.Builtins.html">FStar.Reflection.Builtins</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Reflection.Derived.html">FStar.Reflection.Derived</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Reflection.Formula.html">FStar.Reflection.Formula</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Reflection.Const.html">FStar.Reflection.Const</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Tactics.Types.html">FStar.Tactics.Types</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Tactics.Effect.html">FStar.Tactics.Effect</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Tactics.Builtins.html">FStar.Tactics.Builtins</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Tactics.Derived.html">FStar.Tactics.Derived</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Tactics.Logic.html">FStar.Tactics.Logic</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Tactics.Util.html">FStar.Tactics.Util</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Tactics.SyntaxHelpers.html">FStar.Tactics.SyntaxHelpers</a></p>
+</li>
+<li>
+<p>Includes module <a href="FStar.Tactics.Print.html">FStar.Tactics.Print</a></p>
+</li>
+</ul>
+
 </body>
 </html>
diff --git a/docs/FStar.Tcp.html b/docs/FStar.Tcp.html
index 16466a2..f8e55af 100644
--- a/docs/FStar.Tcp.html
+++ b/docs/FStar.Tcp.html
@@ -1,16 +1,45 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Tcp</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.tcp">module FStar.Tcp</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstartcp" class="anchor" href="#fstartcp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Tcp</h1>
+<ul>
+<li>Opens module <a href="FStar.Bytes.html">FStar.Bytes</a>
+</li>
+<li>Opens module <a href="FStar.Error.html">FStar.Error</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">networkStream</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype</span>
+<span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">tcpListener</span><span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">set_nonblock</span><span class="pl-c1">:</span> <span class="pl-en">networkStream</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">unit</span>
+<span class="pl-k">val</span> <span class="pl-en">clear_nonblock</span><span class="pl-c1">:</span> <span class="pl-en">networkStream</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">unit</span></pre></div>
+<p>Server side</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">listen</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-en">tcpListener</span>
+<span class="pl-k">val</span> <span class="pl-en">acceptTimeout</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">tcpListener</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-en">networkStream</span>
+<span class="pl-k">val</span> <span class="pl-en">accept</span><span class="pl-c1">:</span> <span class="pl-en">tcpListener</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-en">networkStream</span>
+<span class="pl-k">val</span> <span class="pl-en">stop</span><span class="pl-c1">:</span> <span class="pl-en">tcpListener</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-c1">unit</span></pre></div>
+<p>Client side</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">connectTimeout</span><span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-en">networkStream</span>
+<span class="pl-k">val</span> <span class="pl-en">connect</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-en">networkStream</span></pre></div>
+<p>Input/Output</p>
+<p>adding support for (potentially) non-blocking I/O
+NB for now, send <em>fails</em> on partial writes, and <em>loops</em> on EAGAIN/EWOULDBLOCK.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">recv_result</span> <span class="pl-c1">(</span><span class="pl-en">max</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">RecvWouldBlock</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">RecvError</span> <span class="pl-en">of</span> <span class="pl-c1">string</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">Received</span> <span class="pl-en">of</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span> <span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">max</span><span class="pl-c1">}</span>
+<span class="pl-k">val</span> <span class="pl-en">recv_async</span><span class="pl-c1">:</span> <span class="pl-en">networkStream</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">max</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-c1">(</span><span class="pl-en">recv_result</span> <span class="pl-en">max</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">recv</span><span class="pl-c1">:</span> <span class="pl-en">networkStream</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">max</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-c1">(</span><span class="pl-en">optResult</span> <span class="pl-c1">string</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bytes</span> <span class="pl-c1">{</span><span class="pl-en">length</span> <span class="pl-en">b</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">max</span><span class="pl-c1">}))</span>
+<span class="pl-k">val</span> <span class="pl-en">send</span><span class="pl-c1">:</span> <span class="pl-en">networkStream</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">bytes</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-c1">(</span><span class="pl-en">optResult</span> <span class="pl-c1">string</span> <span class="pl-c1">unit)</span>
+<span class="pl-k">val</span> <span class="pl-en">close</span><span class="pl-c1">:</span> <span class="pl-en">networkStream</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-c1">unit</span></pre></div>
+<p>Create a network stream from a given stream.
+Only used by the application interface TLSharp.
+assume val create: System.IO.Stream -&gt; NetworkStream</p>
+
 </body>
 </html>
diff --git a/docs/FStar.UInt.html b/docs/FStar.UInt.html
index 1f20390..c0f0014 100644
--- a/docs/FStar.UInt.html
+++ b/docs/FStar.UInt.html
@@ -1,59 +1,471 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.UInt</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.uint">module FStar.UInt</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> to_vec_mod_pow2:Unidentified product: [#n:nat] Unidentified product: [a:uint_t n] Unidentified product: [m:pos] Unidentified product: [i:i:nat:{/\(&lt;=(-(n, m), i), &lt;(i, n))}] (Lemma ((requires (==(%(a, pow2 m), <span class="dv">0</span>)))) ((ensures (==(index (to_vec a) i, <span class="kw">false</span>)))) (Prims<span class="kw">.</span>Cons (SMTPat (index (to_vec #n a) i)) (Prims<span class="kw">.</span>Cons (SMTPat (==(%(a, pow2 m), <span class="dv">0</span>))) (Prims<span class="kw">.</span>Nil ))))</code></pre></div>
-<p>Used in the next two lemmas</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> to_vec_lt_pow2:Unidentified product: [#n:nat] Unidentified product: [a:uint_t n] Unidentified product: [m:nat] Unidentified product: [i:i:nat:{&lt;(i, -(n, m))}] (Lemma ((requires (&lt;(a, pow2 m)))) ((ensures (==(index (to_vec a) i, <span class="kw">false</span>)))) (Prims<span class="kw">.</span>Cons (SMTPat (index (to_vec #n a) i)) (Prims<span class="kw">.</span>Cons (SMTPat (&lt;(a, pow2 m))) (Prims<span class="kw">.</span>Nil ))))</code></pre></div>
-<p>Used in the next two lemmas</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">pragma</code></pre></div>
+<h1>
+<a id="user-content-fstaruint" class="anchor" href="#fstaruint" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.UInt</h1>
+<p>NOTE: anything that you fix/update here should be reflected in <code>FStar.Int.fsti</code>, which is mostly</p>
+<ul>
+<li>
+<p>a copy-paste of this module.</p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Mul.html">FStar.Mul</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.BitVector.html">FStar.BitVector</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Math.Lemmas.html">FStar.Math.Lemmas</a></p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_values</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+   <span class="pl-k">match</span> <span class="pl-en">x</span> <span class="pl-k">with</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">0</span>  <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">1</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">1</span>  <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">2</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">8</span>  <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">256</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">16</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">65536</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">31</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">2147483648</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">32</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">4294967296</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">63</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">9223372036854775808</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">64</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">18446744073709551616</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">128</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">=</span><span class="pl-c1">0x100000000000000000000000000000000</span>
+   <span class="pl-c1">|</span> <span class="pl-c1">_</span>  <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<blockquote>
+<p>Specs</p>
+<p>Note: lacking any type of functors for F*, this is a copy/paste of <code>FStar.Int.fst</code>, where the relevant bits that changed are:</p>
+<ul>
+<li>definition of max and min</li>
+<li>use of regular integer modulus instead of wrap-around modulus</li>
+</ul>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">max_int</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span>
+<span class="pl-k">let</span> <span class="pl-en">min_int</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">int</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fits</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">min_int</span> <span class="pl-en">n</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">x</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">max_int</span> <span class="pl-en">n</span>
+<span class="pl-k">let</span> <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">Type0</span> <span class="pl-c1">=</span> <span class="pl-en">b2t</span><span class="pl-c1">(</span><span class="pl-en">fits</span> <span class="pl-en">x</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<p>Machine integer type</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">uint_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">:int{</span><span class="pl-en">size</span> <span class="pl-en">x</span> <span class="pl-en">n</span><span class="pl-c1">}</span></pre></div>
+<blockquote>
+<p>Constants</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">zero</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">pow2_n</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:nat{</span><span class="pl-en">p</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">pow2_le_compat</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-en">p</span><span class="pl-c1">;</span> <span class="pl-en">pow2</span> <span class="pl-en">p</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">one</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">ones</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">max_int</span> <span class="pl-en">n</span></pre></div>
+<p>Increment and decrement</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">incr</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt; <span class="pl-en">max_int</span> <span class="pl-en">n</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">decr</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &gt; <span class="pl-en">min_int</span> <span class="pl-en">n</span><span class="pl-c1">)))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">incr_underspec</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt; <span class="pl-en">max_int</span> <span class="pl-en">n</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">decr_underspec</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">b2t</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &gt; <span class="pl-en">min_int</span> <span class="pl-en">n</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">b</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">incr_mod</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> % <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">decr_mod</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> % <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<p>Addition primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">add</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span>  <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_underspec</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">add_mod</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<p>Subtraction primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">sub</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub_underspec</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">sub_mod</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<p>Multiplication primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mul</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-c1">_</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">a</span> * <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_underspec</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> * <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mul_mod</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">lt_square_div_lt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:pos)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt; <span class="pl-en">b</span> * <span class="pl-en">b</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span> &lt; <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--fuel 0 --ifuel 0<span class="pl-pds">"</span></span>
+<span class="pl-k">let</span> <span class="pl-en">mul_div</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-smi">FStar.Math.Lemmas.</span><span class="pl-en">lemma_mult_lt_sqr</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">);</span>
+  <span class="pl-en">lt_square_div_lt</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">);</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">b</span><span class="pl-c1">)</span> / <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<p>Division primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">div</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">b</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div_underspec</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-c1">(</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div_size</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-en">a</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">a</span> / <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">udiv</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> / <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">c</span><span class="pl-c1">})</span> <span class="pl-c1">=</span>
+  <span class="pl-en">div_size</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">;</span>
+  <span class="pl-en">a</span> / <span class="pl-en">b</span></pre></div>
+<p>Modulo primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">mod</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">((</span><span class="pl-en">a</span>/<span class="pl-en">b</span><span class="pl-c1">)</span> * <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Comparison operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">gt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &gt; <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">gte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt; <span class="pl-en">b</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">lte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Casts</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">to_uint_t</span> <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">m</span></pre></div>
+<ul>
+<li>Opens module <a href="FStar.Seq.html">FStar.Seq</a>
+</li>
+</ul>
+<p>WARNING: Mind the big endian vs little endian definition</p>
+<p>Casts</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">to_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">num</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-smi">Seq.</span><span class="pl-en">empty</span> <span class="pl-c1">#bool</span>
+  <span class="pl-k">else</span> <span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">num</span> / <span class="pl-c1">2</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-c1">(</span><span class="pl-en">num</span> % <span class="pl-c1">2</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">from_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:nat)</span> <span class="pl-c1">(</span><span class="pl-en">vec</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">if</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-k">then</span> <span class="pl-c1">0</span>
+  <span class="pl-k">else</span> <span class="pl-c1">2</span> * <span class="pl-en">from_vec</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">vec</span> <span class="pl-c1">0</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-k">if</span> <span class="pl-en">index</span> <span class="pl-en">vec</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">then</span> <span class="pl-c1">1</span> <span class="pl-k">else</span> <span class="pl-c1">0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_vec_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_vec_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inverse_aux</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vec</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-en">vec</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-en">vec</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-en">vec</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inverse_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">vec</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">equal</span> <span class="pl-en">vec</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-en">vec</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-en">vec</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">inverse_num_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">num</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">num</span> <span class="pl-c1">=</span> <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">num</span><span class="pl-c1">))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">num</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">from_vec_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">equal</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">from_vec</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">from_vec</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">from_vec_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">from_vec</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">from_vec</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">equal</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<ul>
+<li>Opens module <a href="FStar.Math.Lemmas.html">FStar.Math.Lemmas</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">from_vec_aux</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:nat{</span><span class="pl-en">s1</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:nat{</span><span class="pl-en">s2</span> &lt; <span class="pl-en">s1</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">s2</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-en">s2</span><span class="pl-c1">))</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">#(</span><span class="pl-en">s1</span> <span class="pl-c1">-</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-en">s2</span> <span class="pl-en">s1</span><span class="pl-c1">))</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-en">s1</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-c1">=</span> <span class="pl-c1">((</span><span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">s2</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-en">s2</span><span class="pl-c1">))</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">-</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">#(</span><span class="pl-en">s1</span> <span class="pl-c1">-</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-en">s2</span> <span class="pl-en">s1</span><span class="pl-c1">)))</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-en">s1</span> <span class="pl-en">n</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">seq_slice_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s1</span><span class="pl-c1">:nat{</span><span class="pl-en">s1</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t1</span><span class="pl-c1">:nat{</span><span class="pl-en">t1</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">s1</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">t1</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s2</span><span class="pl-c1">:nat{</span><span class="pl-en">s2</span> &lt; <span class="pl-en">t1</span> <span class="pl-c1">-</span> <span class="pl-en">s1</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">t2</span><span class="pl-c1">:nat{</span><span class="pl-en">t2</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">s2</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">t2</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">t1</span> <span class="pl-c1">-</span> <span class="pl-en">s1</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-en">s1</span> <span class="pl-en">t1</span><span class="pl-c1">)</span> <span class="pl-en">s2</span> <span class="pl-en">t2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">+</span> <span class="pl-en">s2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s1</span> <span class="pl-c1">+</span> <span class="pl-en">t2</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">from_vec_propriety</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat{</span><span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">from_vec</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-en">s</span><span class="pl-c1">))</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">+</span> <span class="pl-en">from_vec</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+        <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">m</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">m</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">#(</span><span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-en">m</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">append</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> * <span class="pl-en">pow2</span> <span class="pl-en">m</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">m</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">slice_left_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:pos{</span><span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> / <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">slice_right_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:pos{</span><span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">s</span> <span class="pl-c1">(</span><span class="pl-en">slice</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> % <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">s</span><span class="pl-c1">))</span></pre></div>
+<p>Relations between constants in BitVector and in UInt.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero_to_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">zero_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero_from_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">zero_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">zero_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">one_to_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">one</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">elem_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">one</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_to_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:nat{</span><span class="pl-en">p</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">pow2_n</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">p</span><span class="pl-c1">))</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">elem_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">p</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">pow2_n</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">p</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_from_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:nat{</span><span class="pl-en">p</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">elem_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">pow2_n</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">p</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">elem_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">p</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ones_to_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">ones_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ones_from_vec_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">ones_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">ones_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">))]</span></pre></div>
+<p>(nth a i) returns a boolean indicating the i-th bit of a.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">nth</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span>
+  <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">i</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">nth_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}).</span> <span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">nth</span> <span class="pl-en">b</span> <span class="pl-en">i</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Lemmas for constants</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero_nth_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">pow2_nth_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:nat{</span><span class="pl-en">p</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">p</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">pow2_n</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                 <span class="pl-c1">(</span><span class="pl-en">i</span> &lt;&gt; <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">p</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">pow2_n</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span><span class="pl-c1">))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">pow2_n</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">one_nth_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">one</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                 <span class="pl-c1">(</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">one</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span><span class="pl-c1">))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">one</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">ones_nth_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-c1">true</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<p>Bitwise operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">logand</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logand_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">logxor</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logxor_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">logor</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logor_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lognot</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">from_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">lognot_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<p>Bitwise operators definitions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_definition</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-en">i</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">nth</span> <span class="pl-en">b</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_definition</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-en">i</span> &lt;&gt; <span class="pl-en">nth</span> <span class="pl-en">b</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor_definition</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-en">i</span> <span class="pl-c1">||</span> <span class="pl-en">nth</span> <span class="pl-en">b</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot_definition</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">not</span><span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<p>Two's complement unary minus</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">minus</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">1</span></pre></div>
+<p>Bitwise operators lemmas</p>
+<p>TODO: lemmas about the relations between different operators</p>
+<p>Bitwise AND operator</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_commutative</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_associative</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_self</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<p>subset_vec_le_lemma proves that a subset of bits is numerically smaller or equal.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">subset_vec_le_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">is_subset_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-en">a</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<p>logand_le proves the the result of AND is less than or equal to both arguments.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_le</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Bitwise XOR operator</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_commutative</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_associative</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_self</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">lognot</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">let</span> <span class="pl-en">xor</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:bool)</span> <span class="pl-c1">(</span><span class="pl-en">b'</span><span class="pl-c1">:bool)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-en">b'</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">xor_lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:bool)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:bool)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">xor</span> <span class="pl-c1">(</span><span class="pl-en">xor</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">xor</span> <span class="pl-c1">(</span><span class="pl-en">xor</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">b</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_inv</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor_neq_nonzero</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+   <span class="pl-c1">(</span><span class="pl-en">a</span> &lt;&gt; <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">logxor</span> <span class="pl-en">a</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">)</span></pre></div>
+<p>Bitwise OR operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor_commutative</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor_associative</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">c</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor_self</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<p>superset_vec_le_lemma proves that a superset of bits is numerically greater than or equal.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">superset_vec_ge_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-en">is_superset_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-en">a</span><span class="pl-c1">)</span> &gt;<span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">from_vec</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<p>logor_ge proves that the result of an OR is greater than or equal to both arguments.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor_ge</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Bitwise NOT operator</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot_self</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-index_to_vec_ones" class="anchor" href="#index_to_vec_ones" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>index_to_vec_ones</h4>
 <p>Used in the next two lemmas</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span> <span class="pl-k">val</span> <span class="pl-en">index_to_vec_ones</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:nat{</span><span class="pl-en">m</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">m</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">/\</span>
+          <span class="pl-c1">(</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">m</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">m</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-c1">false</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+          <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">m</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">i</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">m</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-en">i</span> <span class="pl-c1">==</span> <span class="pl-c1">true</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">m</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor_disjoint</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:pos{</span><span class="pl-en">m</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">m</span> <span class="pl-c1">==</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">b</span> &lt; <span class="pl-en">pow2</span> <span class="pl-en">m</span><span class="pl-c1">))</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand_mask</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">m</span><span class="pl-c1">:pos{</span><span class="pl-en">m</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">m</span> &lt; <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">/\</span> <span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">m</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">m</span><span class="pl-c1">)</span></pre></div>
+<p>Shift operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_left</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">shift_left_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">shift_right</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:nat)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">shift_right_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<p>Shift operators lemmas</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span><span class="pl-c1">))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">nth</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">+</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right_lemma_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &lt; <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-c1">false</span><span class="pl-c1">))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right_lemma_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:nat{</span><span class="pl-en">i</span> &lt; <span class="pl-en">n</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">i</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">s</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-c1">=</span> <span class="pl-en">nth</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">i</span> <span class="pl-c1">-</span> <span class="pl-en">s</span><span class="pl-c1">)))</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">nth</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-en">i</span><span class="pl-c1">)]</span></pre></div>
+<p>Lemmas with shift operators and bitwise operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left_logand_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">s</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right_logand_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">s</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left_logxor_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">s</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right_logxor_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">s</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left_logor_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">s</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right_logor_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">b</span> <span class="pl-en">s</span><span class="pl-c1">)))</span></pre></div>
+<p>Lemmas about value after shift operations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left_value_aux_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat{</span><span class="pl-en">s</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-en">s</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left_value_aux_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-c1">0</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left_value_aux_3</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:pos{</span><span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-en">s</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left_value_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-en">s</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">shift_left</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right_value_aux_1</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat{</span><span class="pl-en">s</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">pow2</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right_value_aux_2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">0</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">pow2</span> <span class="pl-c1">0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right_value_aux_3</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:pos{</span><span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">pow2</span> <span class="pl-en">s</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right_value_lemma</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:nat</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> / <span class="pl-en">pow2</span> <span class="pl-en">s</span><span class="pl-c1">)</span>
+        <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">shift_right</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-en">s</span><span class="pl-c1">)]</span></pre></div>
+<p>Lemmas about the most significant bit in various situations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">msb</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">nth</span> <span class="pl-en">a</span> <span class="pl-c1">0</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_msb_pow2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">msb</span> <span class="pl-en">a</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">-</span><span class="pl-c1">1</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_minus_zero</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">minus</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_msb_gte</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos{</span><span class="pl-en">n</span> &gt; <span class="pl-c1">1</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-c1">&amp;&amp;</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">msb</span> <span class="pl-en">a</span><span class="pl-c1">))</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">not</span> <span class="pl-c1">(</span><span class="pl-en">msb</span> <span class="pl-en">b</span><span class="pl-c1">))</span></pre></div>
+<p>Lemmas toward showing ~n + 1 = -a</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_uint_mod</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_add_sub_cancel</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">sub_mod</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_mod_sub_distr_l</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">p</span> <span class="pl-c1">=</span> <span class="pl-c1">((</span><span class="pl-en">a</span> % <span class="pl-en">p</span><span class="pl-c1">)</span> <span class="pl-c1">-</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">p</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_sub_add_cancel</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">sub_mod</span> <span class="pl-c1">(</span><span class="pl-en">add_mod</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">zero_extend_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">BitVector.</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">):</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-smi">BitVector.</span><span class="pl-en">bv_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-c1">false</span><span class="pl-c1">)</span> <span class="pl-en">a</span>
+<span class="pl-k">let</span> <span class="pl-en">one_extend_vec</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">BitVector.</span><span class="pl-en">bv_t</span> <span class="pl-en">n</span><span class="pl-c1">):</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-smi">BitVector.</span><span class="pl-en">bv_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-smi">Seq.</span><span class="pl-en">create</span> <span class="pl-c1">1</span> <span class="pl-c1">true</span><span class="pl-c1">)</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">zero_extend</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">):</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-c1">=</span> <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">zero_extend_vec</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">one_extend</span> <span class="pl-c1">(#</span><span class="pl-en">n</span><span class="pl-c1">:pos)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">):</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">))</span> <span class="pl-c1">=</span> <span class="pl-en">from_vec</span> <span class="pl-c1">(</span><span class="pl-en">one_extend_vec</span> <span class="pl-c1">(</span><span class="pl-en">to_vec</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_zero_extend</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">zero_extend</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">zero_extend</span> <span class="pl-en">a</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_one_extend</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">one_extend</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">one_extend</span> <span class="pl-en">a</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_lognot_zero_ext</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-c1">#(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">zero_extend</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">+</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_lognot_one_ext</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-c1">#(</span><span class="pl-en">n</span><span class="pl-c1">+</span><span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">one_extend</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">lognot</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_lognot_value_mod</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_lognot_value_zero</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-c1">(</span><span class="pl-en">sub_mod</span> <span class="pl-c1">0</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_one_mod_pow2</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-c1">1</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span> % <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_lognot_value_nonzero</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">{</span><span class="pl-en">a</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-c1">(</span><span class="pl-en">sub_mod</span> <span class="pl-c1">0</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_lognot_value</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-c1">(</span><span class="pl-en">sub_mod</span> <span class="pl-c1">0</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lemma_minus_eq_zero_sub</span><span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">:pos</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span>
+  <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">minus</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">0</span> <span class="pl-en">a</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.UInt128.html b/docs/FStar.UInt128.html
index 505e5e4..e4e7a2f 100644
--- a/docs/FStar.UInt128.html
+++ b/docs/FStar.UInt128.html
@@ -1,16 +1,141 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.UInt128</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.uint128">module FStar.UInt128</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstaruint128" class="anchor" href="#fstaruint128" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.UInt128</h1>
+<ul>
+<li>
+<p>Opens module <a href="FStar.UInt.html">FStar.UInt</a></p>
+</li>
+<li>
+<p>Opens module <a href="FStar.Mul.html">FStar.Mul</a></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.UInt32.html"> FStar.UInt32</a> as <code>U32 </code></p>
+</li>
+<li>
+<p>Aliases module <a href="FStar.UInt64.html"> FStar.UInt64</a> as <code>U64 </code></p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noextract</span>
+<span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">128</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">t</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:Type0{</span><span class="pl-k">hasEq</span> <span class="pl-en">x</span><span class="pl-c1">})</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">noextract_to</span> <span class="pl-s"><span class="pl-pds">"</span>Kremlin<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">val</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">noextract_to</span> <span class="pl-s"><span class="pl-pds">"</span>Kremlin<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">val</span> <span class="pl-en">uint_to_t</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v_inj</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-en">x2</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">x2</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">x2</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_underspec</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_mod</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Subtraction primitives</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub_underspec</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub_mod</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> % <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Bitwise operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">logand</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">logxor</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">logor</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)))</span></pre></div>
+<p>This private primitive is used internally by the
+compiler to translate bounded integer constants
+with a desugaring-time check of the size of the number,
+rather than an expensive verifiation check.
+Since it is marked private, client programs cannot call it directly
+Since it is marked unfold, it eagerly reduces,
+eliminating the verification overhead of the wrapper</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">__uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span> <span class="pl-c1">=</span>
+      <span class="pl-k">assume</span> <span class="pl-c1">(</span><span class="pl-en">fits</span> <span class="pl-en">x</span> <span class="pl-c1">128</span><span class="pl-c1">);</span>
+      <span class="pl-en">uint_to_t</span> <span class="pl-en">x</span></pre></div>
+<p>Shift operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">((</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">))</span> % <span class="pl-en">pow2</span> <span class="pl-en">n</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-c1">(</span><span class="pl-en">pow2</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)))))</span></pre></div>
+<p>Comparison operators</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">bool</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">eq</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">bool</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">gt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">bool</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">lt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">gte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">bool</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">gte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-c1">bool</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-en">lte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">eq_mask</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt;&gt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)})</span>
+<span class="pl-k">val</span> <span class="pl-en">gte_mask</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">c</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)})</span></pre></div>
+<p>Casts</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint64_to_uint128</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">}</span>
+<span class="pl-k">val</span> <span class="pl-en">uint128_to_uint64</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">a</span> % <span class="pl-en">pow2</span> <span class="pl-c1">64</span><span class="pl-c1">}</span></pre></div>
+<p>To input / output constants</p>
+<p>TODO: assume these without implementations</p>
+<p>val to_string: t -&gt; Tot string
+val of_string: string -&gt; Tot t</p>
+<p>Infix notations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add_underspec</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add_mod</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub_underspec</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Amp_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Hat_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Bar_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_left</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span>
+<span class="pl-k">inline_for_extraction</span> <span class="pl-k">noextract</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span></pre></div>
+<p>Multiplication primitives</p>
+<p>Note that unlike UIntN, we do not provide uint128 * uint128 primitives (mul,
+mul_underspec, mul_mod, and mul_div)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul32</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-smi">U32.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> * <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_wide</span><span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-smi">U64.</span><span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">r</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">r</span> <span class="pl-c1">==</span> <span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">x</span> * <span class="pl-smi">U64.</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.UInt16.html b/docs/FStar.UInt16.html
index 40b5673..69e9dad 100644
--- a/docs/FStar.UInt16.html
+++ b/docs/FStar.UInt16.html
@@ -1,16 +1,376 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.UInt16</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.uint16">module FStar.UInt16</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstaruint16" class="anchor" href="#fstaruint16" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.UInt16</h1>
+<h2>
+<a id="user-content-this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" class="anchor" href="#this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>THIS MODULE IS GENETATED AUTOMATICALLY USING <code>mk_int.sh</code>, DO NOT EDIT DIRECTLY ***</h2>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">16</span></pre></div>
+<blockquote>
+<p>For FStar.UIntN.fstp: anything that you fix/update here should be
+reflected in <code>FStar.IntN.fstp</code>, which is mostly a copy-paste of
+this module.</p>
+<p>Except, as compared to <code>FStar.IntN.fstp</code>, here:</p>
+<ul>
+<li>every occurrence of <code>int_t</code> has been replaced with <code>uint_t</code>
+</li>
+<li>every occurrence of <code>@%</code> has been replaced with <code>%</code>.</li>
+<li>some functions (e.g., add_underspec, etc.) are only defined here, not on signed integers</li>
+</ul>
+</blockquote>
+<blockquote>
+<p>This module provides an abstract type for machine integers of a
+given signedness and width. The interface is designed to be safe
+with respect to arithmetic underflow and overflow.</p>
+</blockquote>
+<blockquote>
+<p>Note, we have attempted several times to re-design this module to
+make it more amenable to normalization and to impose less overhead
+on the SMT solver when reasoning about machine integer
+arithmetic. The following github issue reports on the current
+status of that work.</p>
+<p><a href="https://github.com/FStarLang/FStar/issues/1757">https://github.com/FStarLang/FStar/issues/1757</a></p>
+</blockquote>
+<ul>
+<li>Opens module <a href="FStar.UInt.html">FStar.UInt</a>
+</li>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--max_fuel 0 --max_ifuel 0</span>"</pre></div>
+<h4>
+<a id="user-content-t" class="anchor" href="#t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>t</h4>
+<p>Abstract type of machine integers, with an underlying
+representation using a bounded mathematical integer</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">eqtype</span></pre></div>
+<h4>
+<a id="user-content-v" class="anchor" href="#v" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>v</h4>
+<p>A coercion that projects a bounded mathematical integer from a
+machine integer</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-uint_to_t" class="anchor" href="#uint_to_t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>uint_to_t</h4>
+<p>A coercion that injects a bounded mathematical integers into a
+machine integer</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-uv_inv" class="anchor" href="#uv_inv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>uv_inv</h4>
+<p>Injection/projection inverse</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uv_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-vu_inv" class="anchor" href="#vu_inv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>vu_inv</h4>
+<p>Projection/injection inverse</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">vu_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-v_inj" class="anchor" href="#v_inj" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>v_inj</h4>
+<p>An alternate form of the injectivity of the <a href="#v"><code>v</code></a> projection</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v_inj</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-en">x2</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">x2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">x2</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-zero" class="anchor" href="#zero" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>zero</h4>
+<p>Constants 0 and 1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">one</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">}</span></pre></div>
+<h2>
+<a id="user-content-addition-primitives" class="anchor" href="#addition-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Addition primitives</h2>
+<h4>
+<a id="user-content-add" class="anchor" href="#add" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>add</h4>
+<p>Bounds-respecting addition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The precondition enforces that the sum does not overflow,
+expressing the bound as an addition on mathematical integers</p>
+<h4>
+<a id="user-content-add_underspec" class="anchor" href="#add_underspec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>add_underspec</h4>
+<p>Underspecified, possibly overflowing addition:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_underspec</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The postcondition only enures that the result is the sum of the
+arguments in case there is no overflow</p>
+<h4>
+<a id="user-content-add_mod" class="anchor" href="#add_mod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>add_mod</h4>
+<p>Addition modulo <code>2^n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Machine integers can always be added, but the postcondition is now
+in terms of addition modulo <code>2^n</code> on mathematical integers</p>
+<h2>
+<a id="user-content-subtraction-primitives" class="anchor" href="#subtraction-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Subtraction primitives</h2>
+<h4>
+<a id="user-content-sub" class="anchor" href="#sub" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sub</h4>
+<p>Bounds-respecting subtraction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The precondition enforces that the difference does not underflow,
+expressing the bound as a difference on mathematical integers</p>
+<h4>
+<a id="user-content-sub_underspec" class="anchor" href="#sub_underspec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sub_underspec</h4>
+<p>Underspecified, possibly overflowing subtraction:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub_underspec</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The postcondition only enures that the result is the difference of
+the arguments in case there is no underflow</p>
+<h4>
+<a id="user-content-sub_mod" class="anchor" href="#sub_mod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sub_mod</h4>
+<p>Subtraction modulo <code>2^n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">sub_mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Machine integers can always be subtractd, but the postcondition is
+now in terms of subtraction modulo <code>2^n</code> on mathematical integers</p>
+<h2>
+<a id="user-content-multiplication-primitives" class="anchor" href="#multiplication-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Multiplication primitives</h2>
+<h4>
+<a id="user-content-mul" class="anchor" href="#mul" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mul</h4>
+<p>Bounds-respecting multiplication</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The precondition enforces that the product does not overflow,
+expressing the bound as a product on mathematical integers</p>
+<h4>
+<a id="user-content-mul_underspec" class="anchor" href="#mul_underspec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mul_underspec</h4>
+<p>Underspecified, possibly overflowing product</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_underspec</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The postcondition only enures that the result is the product of
+the arguments in case there is no overflow</p>
+<h4>
+<a id="user-content-mul_mod" class="anchor" href="#mul_mod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mul_mod</h4>
+<p>Multiplication modulo <code>2^n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">mul_mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Machine integers can always be multiplied, but the postcondition
+is now in terms of product modulo <code>2^n</code> on mathematical integers</p>
+<h2>
+<a id="user-content-division-primitives" class="anchor" href="#division-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Division primitives</h2>
+<h4>
+<a id="user-content-div" class="anchor" href="#div" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>div</h4>
+<p>Euclidean division of <code>a</code> and <code>b</code>, with <code>b</code> non-zero</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-modulo-primitives" class="anchor" href="#modulo-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Modulo primitives</h2>
+<h4>
+<a id="user-content-rem" class="anchor" href="#rem" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>rem</h4>
+<p>Euclidean remainder</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rem</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The result is the modulus of <code>a</code> with respect to a non-zero <code>b</code></p>
+<h2>
+<a id="user-content-bitwise-operators" class="anchor" href="#bitwise-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Bitwise operators</h2>
+<blockquote>
+<p>Also see FStar.BV</p>
+</blockquote>
+<h4>
+<a id="user-content-logand" class="anchor" href="#logand" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logand</h4>
+<p>Bitwise logical conjunction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logand</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-logxor" class="anchor" href="#logxor" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logxor</h4>
+<p>Bitwise logical exclusive-or</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logxor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-logor" class="anchor" href="#logor" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logor</h4>
+<p>Bitwise logical disjunction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-lognot" class="anchor" href="#lognot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lognot</h4>
+<p>Bitwise logical negation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-shift-operators" class="anchor" href="#shift-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Shift operators</h2>
+<h4>
+<a id="user-content-shift_right" class="anchor" href="#shift_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_right</h4>
+<p>Shift right with zero fill, shifting at most the integer width</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-shift_left" class="anchor" href="#shift_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_left</h4>
+<p>Shift left with zero fill, shifting at most the integer width</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-comparison-operators" class="anchor" href="#comparison-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Comparison operators</h2>
+<h4>
+<a id="user-content-eq" class="anchor" href="#eq" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>eq</h4>
+<p>Equality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Note, it is safe to also use the polymorphic decidable equality
+operator <code>=</code></p>
+<h4>
+<a id="user-content-gt" class="anchor" href="#gt" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gt</h4>
+<p>Greater than</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-gte" class="anchor" href="#gte" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gte</h4>
+<p>Greater than or equal</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lt" class="anchor" href="#lt" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lt</h4>
+<p>Less than</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lte" class="anchor" href="#lte" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lte</h4>
+<p>Less than or equal</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-minus" class="anchor" href="#minus" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>minus</h4>
+<p>Unary negation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">minus</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-n_minus_one" class="anchor" href="#n_minus_one" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>n_minus_one</h4>
+<p>The maximum value for this type</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">n_minus_one</span> <span class="pl-c1">=</span> <span class="pl-smi">UInt32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--z3rlimit 80 --initial_fuel 1 --max_fuel 1</span>"</pre></div>
+<h4>
+<a id="user-content-eq_mask" class="anchor" href="#eq_mask" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>eq_mask</h4>
+<p>A constant-time way to compute the equality of
+two machine integers.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq_mask</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                       <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt;&gt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">minus_x</span> <span class="pl-c1">=</span> <span class="pl-en">minus</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_or_minus_x</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span> <span class="pl-en">x</span> <span class="pl-en">minus_x</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">xnx</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span> <span class="pl-en">x_or_minus_x</span> <span class="pl-en">n_minus_one</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-en">xnx</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">if</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+      <span class="pl-en">logxor_self</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+      <span class="pl-en">lognot_lemma_1</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">;</span>
+      <span class="pl-en">logor_lemma_1</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">minus_x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span>
+              <span class="pl-en">v</span> <span class="pl-en">x_or_minus_x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">xnx</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span>
+    <span class="pl-k">else</span>
+    <span class="pl-k">begin</span>
+      <span class="pl-en">logxor_neq_nonzero</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">);</span>
+      <span class="pl-en">lemma_msb_pow2</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">x</span><span class="pl-c1">));</span>
+      <span class="pl-en">lemma_msb_pow2</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">minus_x</span><span class="pl-c1">);</span>
+      <span class="pl-en">lemma_minus_zero</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span><span class="pl-c1">;</span>
+    <span class="pl-en">c</span></pre></div>
+<p>With inspiration from <a href="https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=2e60bb395c1f589a398ec606d611132ef9ef764b" rel="nofollow">https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=2e60bb395c1f589a398ec606d611132ef9ef764b</a></p>
+<p>Note, the branching on <code>a=b</code> is just for proof-purposes.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">lemma_sub_msbs</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">msb</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">msb</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">msb</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">sub_mod</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">))))</span></pre></div>
+<h4>
+<a id="user-content-gte_mask" class="anchor" href="#gte_mask" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gte_mask</h4>
+<p>A constant-time way to compute the <code>&gt;=</code> inequality of
+two machine integers.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gte_mask</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                       <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_xor_y</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_sub_y</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_sub_y_xor_y</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">x_sub_y</span> <span class="pl-en">y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">q</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span> <span class="pl-en">x_xor_y</span> <span class="pl-en">x_sub_y_xor_y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_xor_q</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">x</span> <span class="pl-en">q</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_xor_q_</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span> <span class="pl-en">x_xor_q</span> <span class="pl-en">n_minus_one</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-en">x_xor_q_</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_sub_msbs</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">;</span>
+    <span class="pl-en">lemma_msb_gte</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">);</span>
+    <span class="pl-en">lemma_msb_gte</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+    <span class="pl-en">c</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<p>With inspiration from <a href="https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=0a483a9b431d87eca1b275463c632f8d5551978a" rel="nofollow">https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=0a483a9b431d87eca1b275463c632f8d5551978a</a></p>
+<h3>
+<a id="user-content-infix-notations" class="anchor" href="#infix-notations" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Infix notations</h3>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add_underspec</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add_mod</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub_underspec</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul_underspec</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul_mod</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Slash_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">div</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">rem</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Hat_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Amp_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Bar_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_left</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span></pre></div>
+<h2>
+<a id="user-content-to-input--output-constants" class="anchor" href="#to-input--output-constants" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>To input / output constants</h2>
+<h4>
+<a id="user-content-to_string" class="anchor" href="#to_string" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>to_string</h4>
+<p>In decimal representation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<h4>
+<a id="user-content-to_string_hex" class="anchor" href="#to_string_hex" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>to_string_hex</h4>
+<p>In hex representation (with leading 0x)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string_hex</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<h4>
+<a id="user-content-to_string_hex_pad" class="anchor" href="#to_string_hex_pad" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>to_string_hex_pad</h4>
+<p>In fixed-width hex representation (left-padded with zeroes, no leading 0x)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string_hex_pad</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">of_string</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--lax</span>"</pre></div>
+<p>This private primitive is used internally by the
+compiler to translate bounded integer constants
+with a desugaring-time check of the size of the number,
+rather than an expensive verification check.
+Since it is marked private, client programs cannot call it directly
+Since it is marked unfold, it eagerly reduces,
+eliminating the verification overhead of the wrapper</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">__uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span>
+    <span class="pl-c1">=</span> <span class="pl-en">uint_to_t</span> <span class="pl-en">x</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.UInt32.html b/docs/FStar.UInt32.html
index 0f5e1eb..7adf2fb 100644
--- a/docs/FStar.UInt32.html
+++ b/docs/FStar.UInt32.html
@@ -1,16 +1,376 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.UInt32</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.uint32">module FStar.UInt32</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstaruint32" class="anchor" href="#fstaruint32" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.UInt32</h1>
+<h2>
+<a id="user-content-this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" class="anchor" href="#this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>THIS MODULE IS GENETATED AUTOMATICALLY USING <code>mk_int.sh</code>, DO NOT EDIT DIRECTLY ***</h2>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">32</span></pre></div>
+<blockquote>
+<p>For FStar.UIntN.fstp: anything that you fix/update here should be
+reflected in <code>FStar.IntN.fstp</code>, which is mostly a copy-paste of
+this module.</p>
+<p>Except, as compared to <code>FStar.IntN.fstp</code>, here:</p>
+<ul>
+<li>every occurrence of <code>int_t</code> has been replaced with <code>uint_t</code>
+</li>
+<li>every occurrence of <code>@%</code> has been replaced with <code>%</code>.</li>
+<li>some functions (e.g., add_underspec, etc.) are only defined here, not on signed integers</li>
+</ul>
+</blockquote>
+<blockquote>
+<p>This module provides an abstract type for machine integers of a
+given signedness and width. The interface is designed to be safe
+with respect to arithmetic underflow and overflow.</p>
+</blockquote>
+<blockquote>
+<p>Note, we have attempted several times to re-design this module to
+make it more amenable to normalization and to impose less overhead
+on the SMT solver when reasoning about machine integer
+arithmetic. The following github issue reports on the current
+status of that work.</p>
+<p><a href="https://github.com/FStarLang/FStar/issues/1757">https://github.com/FStarLang/FStar/issues/1757</a></p>
+</blockquote>
+<ul>
+<li>Opens module <a href="FStar.UInt.html">FStar.UInt</a>
+</li>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--max_fuel 0 --max_ifuel 0</span>"</pre></div>
+<h4>
+<a id="user-content-t" class="anchor" href="#t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>t</h4>
+<p>Abstract type of machine integers, with an underlying
+representation using a bounded mathematical integer</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">eqtype</span></pre></div>
+<h4>
+<a id="user-content-v" class="anchor" href="#v" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>v</h4>
+<p>A coercion that projects a bounded mathematical integer from a
+machine integer</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-uint_to_t" class="anchor" href="#uint_to_t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>uint_to_t</h4>
+<p>A coercion that injects a bounded mathematical integers into a
+machine integer</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-uv_inv" class="anchor" href="#uv_inv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>uv_inv</h4>
+<p>Injection/projection inverse</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uv_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-vu_inv" class="anchor" href="#vu_inv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>vu_inv</h4>
+<p>Projection/injection inverse</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">vu_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-v_inj" class="anchor" href="#v_inj" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>v_inj</h4>
+<p>An alternate form of the injectivity of the <a href="#v"><code>v</code></a> projection</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v_inj</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-en">x2</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">x2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">x2</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-zero" class="anchor" href="#zero" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>zero</h4>
+<p>Constants 0 and 1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">one</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">}</span></pre></div>
+<h2>
+<a id="user-content-addition-primitives" class="anchor" href="#addition-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Addition primitives</h2>
+<h4>
+<a id="user-content-add" class="anchor" href="#add" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>add</h4>
+<p>Bounds-respecting addition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The precondition enforces that the sum does not overflow,
+expressing the bound as an addition on mathematical integers</p>
+<h4>
+<a id="user-content-add_underspec" class="anchor" href="#add_underspec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>add_underspec</h4>
+<p>Underspecified, possibly overflowing addition:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_underspec</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The postcondition only enures that the result is the sum of the
+arguments in case there is no overflow</p>
+<h4>
+<a id="user-content-add_mod" class="anchor" href="#add_mod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>add_mod</h4>
+<p>Addition modulo <code>2^n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Machine integers can always be added, but the postcondition is now
+in terms of addition modulo <code>2^n</code> on mathematical integers</p>
+<h2>
+<a id="user-content-subtraction-primitives" class="anchor" href="#subtraction-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Subtraction primitives</h2>
+<h4>
+<a id="user-content-sub" class="anchor" href="#sub" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sub</h4>
+<p>Bounds-respecting subtraction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The precondition enforces that the difference does not underflow,
+expressing the bound as a difference on mathematical integers</p>
+<h4>
+<a id="user-content-sub_underspec" class="anchor" href="#sub_underspec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sub_underspec</h4>
+<p>Underspecified, possibly overflowing subtraction:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub_underspec</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The postcondition only enures that the result is the difference of
+the arguments in case there is no underflow</p>
+<h4>
+<a id="user-content-sub_mod" class="anchor" href="#sub_mod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sub_mod</h4>
+<p>Subtraction modulo <code>2^n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">sub_mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Machine integers can always be subtractd, but the postcondition is
+now in terms of subtraction modulo <code>2^n</code> on mathematical integers</p>
+<h2>
+<a id="user-content-multiplication-primitives" class="anchor" href="#multiplication-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Multiplication primitives</h2>
+<h4>
+<a id="user-content-mul" class="anchor" href="#mul" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mul</h4>
+<p>Bounds-respecting multiplication</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The precondition enforces that the product does not overflow,
+expressing the bound as a product on mathematical integers</p>
+<h4>
+<a id="user-content-mul_underspec" class="anchor" href="#mul_underspec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mul_underspec</h4>
+<p>Underspecified, possibly overflowing product</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_underspec</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The postcondition only enures that the result is the product of
+the arguments in case there is no overflow</p>
+<h4>
+<a id="user-content-mul_mod" class="anchor" href="#mul_mod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mul_mod</h4>
+<p>Multiplication modulo <code>2^n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">mul_mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Machine integers can always be multiplied, but the postcondition
+is now in terms of product modulo <code>2^n</code> on mathematical integers</p>
+<h2>
+<a id="user-content-division-primitives" class="anchor" href="#division-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Division primitives</h2>
+<h4>
+<a id="user-content-div" class="anchor" href="#div" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>div</h4>
+<p>Euclidean division of <code>a</code> and <code>b</code>, with <code>b</code> non-zero</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-modulo-primitives" class="anchor" href="#modulo-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Modulo primitives</h2>
+<h4>
+<a id="user-content-rem" class="anchor" href="#rem" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>rem</h4>
+<p>Euclidean remainder</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rem</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The result is the modulus of <code>a</code> with respect to a non-zero <code>b</code></p>
+<h2>
+<a id="user-content-bitwise-operators" class="anchor" href="#bitwise-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Bitwise operators</h2>
+<blockquote>
+<p>Also see FStar.BV</p>
+</blockquote>
+<h4>
+<a id="user-content-logand" class="anchor" href="#logand" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logand</h4>
+<p>Bitwise logical conjunction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logand</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-logxor" class="anchor" href="#logxor" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logxor</h4>
+<p>Bitwise logical exclusive-or</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logxor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-logor" class="anchor" href="#logor" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logor</h4>
+<p>Bitwise logical disjunction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-lognot" class="anchor" href="#lognot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lognot</h4>
+<p>Bitwise logical negation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-shift-operators" class="anchor" href="#shift-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Shift operators</h2>
+<h4>
+<a id="user-content-shift_right" class="anchor" href="#shift_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_right</h4>
+<p>Shift right with zero fill, shifting at most the integer width</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-shift_left" class="anchor" href="#shift_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_left</h4>
+<p>Shift left with zero fill, shifting at most the integer width</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-comparison-operators" class="anchor" href="#comparison-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Comparison operators</h2>
+<h4>
+<a id="user-content-eq" class="anchor" href="#eq" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>eq</h4>
+<p>Equality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Note, it is safe to also use the polymorphic decidable equality
+operator <code>=</code></p>
+<h4>
+<a id="user-content-gt" class="anchor" href="#gt" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gt</h4>
+<p>Greater than</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-gte" class="anchor" href="#gte" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gte</h4>
+<p>Greater than or equal</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lt" class="anchor" href="#lt" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lt</h4>
+<p>Less than</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lte" class="anchor" href="#lte" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lte</h4>
+<p>Less than or equal</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-minus" class="anchor" href="#minus" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>minus</h4>
+<p>Unary negation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">minus</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-n_minus_one" class="anchor" href="#n_minus_one" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>n_minus_one</h4>
+<p>The maximum value for this type</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">n_minus_one</span> <span class="pl-c1">=</span> <span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--z3rlimit 80 --initial_fuel 1 --max_fuel 1</span>"</pre></div>
+<h4>
+<a id="user-content-eq_mask" class="anchor" href="#eq_mask" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>eq_mask</h4>
+<p>A constant-time way to compute the equality of
+two machine integers.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq_mask</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                       <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt;&gt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">minus_x</span> <span class="pl-c1">=</span> <span class="pl-en">minus</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_or_minus_x</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span> <span class="pl-en">x</span> <span class="pl-en">minus_x</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">xnx</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span> <span class="pl-en">x_or_minus_x</span> <span class="pl-en">n_minus_one</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-en">xnx</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">if</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+      <span class="pl-en">logxor_self</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+      <span class="pl-en">lognot_lemma_1</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">;</span>
+      <span class="pl-en">logor_lemma_1</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">minus_x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span>
+              <span class="pl-en">v</span> <span class="pl-en">x_or_minus_x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">xnx</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span>
+    <span class="pl-k">else</span>
+    <span class="pl-k">begin</span>
+      <span class="pl-en">logxor_neq_nonzero</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">);</span>
+      <span class="pl-en">lemma_msb_pow2</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">x</span><span class="pl-c1">));</span>
+      <span class="pl-en">lemma_msb_pow2</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">minus_x</span><span class="pl-c1">);</span>
+      <span class="pl-en">lemma_minus_zero</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span><span class="pl-c1">;</span>
+    <span class="pl-en">c</span></pre></div>
+<p>With inspiration from <a href="https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=2e60bb395c1f589a398ec606d611132ef9ef764b" rel="nofollow">https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=2e60bb395c1f589a398ec606d611132ef9ef764b</a></p>
+<p>Note, the branching on <code>a=b</code> is just for proof-purposes.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">lemma_sub_msbs</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">msb</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">msb</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">msb</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">sub_mod</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">))))</span></pre></div>
+<h4>
+<a id="user-content-gte_mask" class="anchor" href="#gte_mask" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gte_mask</h4>
+<p>A constant-time way to compute the <code>&gt;=</code> inequality of
+two machine integers.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gte_mask</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                       <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_xor_y</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_sub_y</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_sub_y_xor_y</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">x_sub_y</span> <span class="pl-en">y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">q</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span> <span class="pl-en">x_xor_y</span> <span class="pl-en">x_sub_y_xor_y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_xor_q</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">x</span> <span class="pl-en">q</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_xor_q_</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span> <span class="pl-en">x_xor_q</span> <span class="pl-en">n_minus_one</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-en">x_xor_q_</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_sub_msbs</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">;</span>
+    <span class="pl-en">lemma_msb_gte</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">);</span>
+    <span class="pl-en">lemma_msb_gte</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+    <span class="pl-en">c</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<p>With inspiration from <a href="https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=0a483a9b431d87eca1b275463c632f8d5551978a" rel="nofollow">https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=0a483a9b431d87eca1b275463c632f8d5551978a</a></p>
+<h3>
+<a id="user-content-infix-notations" class="anchor" href="#infix-notations" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Infix notations</h3>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add_underspec</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add_mod</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub_underspec</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul_underspec</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul_mod</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Slash_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">div</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">rem</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Hat_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Amp_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Bar_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_left</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span></pre></div>
+<h2>
+<a id="user-content-to-input--output-constants" class="anchor" href="#to-input--output-constants" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>To input / output constants</h2>
+<h4>
+<a id="user-content-to_string" class="anchor" href="#to_string" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>to_string</h4>
+<p>In decimal representation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<h4>
+<a id="user-content-to_string_hex" class="anchor" href="#to_string_hex" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>to_string_hex</h4>
+<p>In hex representation (with leading 0x)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string_hex</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<h4>
+<a id="user-content-to_string_hex_pad" class="anchor" href="#to_string_hex_pad" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>to_string_hex_pad</h4>
+<p>In fixed-width hex representation (left-padded with zeroes, no leading 0x)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string_hex_pad</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">of_string</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--lax</span>"</pre></div>
+<p>This private primitive is used internally by the
+compiler to translate bounded integer constants
+with a desugaring-time check of the size of the number,
+rather than an expensive verification check.
+Since it is marked private, client programs cannot call it directly
+Since it is marked unfold, it eagerly reduces,
+eliminating the verification overhead of the wrapper</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">__uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span>
+    <span class="pl-c1">=</span> <span class="pl-en">uint_to_t</span> <span class="pl-en">x</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.UInt64.html b/docs/FStar.UInt64.html
index 125123a..2be0826 100644
--- a/docs/FStar.UInt64.html
+++ b/docs/FStar.UInt64.html
@@ -1,16 +1,376 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.UInt64</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.uint64">module FStar.UInt64</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstaruint64" class="anchor" href="#fstaruint64" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.UInt64</h1>
+<h2>
+<a id="user-content-this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" class="anchor" href="#this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>THIS MODULE IS GENETATED AUTOMATICALLY USING <code>mk_int.sh</code>, DO NOT EDIT DIRECTLY ***</h2>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">64</span></pre></div>
+<blockquote>
+<p>For FStar.UIntN.fstp: anything that you fix/update here should be
+reflected in <code>FStar.IntN.fstp</code>, which is mostly a copy-paste of
+this module.</p>
+<p>Except, as compared to <code>FStar.IntN.fstp</code>, here:</p>
+<ul>
+<li>every occurrence of <code>int_t</code> has been replaced with <code>uint_t</code>
+</li>
+<li>every occurrence of <code>@%</code> has been replaced with <code>%</code>.</li>
+<li>some functions (e.g., add_underspec, etc.) are only defined here, not on signed integers</li>
+</ul>
+</blockquote>
+<blockquote>
+<p>This module provides an abstract type for machine integers of a
+given signedness and width. The interface is designed to be safe
+with respect to arithmetic underflow and overflow.</p>
+</blockquote>
+<blockquote>
+<p>Note, we have attempted several times to re-design this module to
+make it more amenable to normalization and to impose less overhead
+on the SMT solver when reasoning about machine integer
+arithmetic. The following github issue reports on the current
+status of that work.</p>
+<p><a href="https://github.com/FStarLang/FStar/issues/1757">https://github.com/FStarLang/FStar/issues/1757</a></p>
+</blockquote>
+<ul>
+<li>Opens module <a href="FStar.UInt.html">FStar.UInt</a>
+</li>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--max_fuel 0 --max_ifuel 0</span>"</pre></div>
+<h4>
+<a id="user-content-t" class="anchor" href="#t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>t</h4>
+<p>Abstract type of machine integers, with an underlying
+representation using a bounded mathematical integer</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">eqtype</span></pre></div>
+<h4>
+<a id="user-content-v" class="anchor" href="#v" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>v</h4>
+<p>A coercion that projects a bounded mathematical integer from a
+machine integer</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-uint_to_t" class="anchor" href="#uint_to_t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>uint_to_t</h4>
+<p>A coercion that injects a bounded mathematical integers into a
+machine integer</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-uv_inv" class="anchor" href="#uv_inv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>uv_inv</h4>
+<p>Injection/projection inverse</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uv_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-vu_inv" class="anchor" href="#vu_inv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>vu_inv</h4>
+<p>Projection/injection inverse</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">vu_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-v_inj" class="anchor" href="#v_inj" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>v_inj</h4>
+<p>An alternate form of the injectivity of the <a href="#v"><code>v</code></a> projection</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v_inj</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-en">x2</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">x2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">x2</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-zero" class="anchor" href="#zero" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>zero</h4>
+<p>Constants 0 and 1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">one</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">}</span></pre></div>
+<h2>
+<a id="user-content-addition-primitives" class="anchor" href="#addition-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Addition primitives</h2>
+<h4>
+<a id="user-content-add" class="anchor" href="#add" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>add</h4>
+<p>Bounds-respecting addition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The precondition enforces that the sum does not overflow,
+expressing the bound as an addition on mathematical integers</p>
+<h4>
+<a id="user-content-add_underspec" class="anchor" href="#add_underspec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>add_underspec</h4>
+<p>Underspecified, possibly overflowing addition:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_underspec</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The postcondition only enures that the result is the sum of the
+arguments in case there is no overflow</p>
+<h4>
+<a id="user-content-add_mod" class="anchor" href="#add_mod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>add_mod</h4>
+<p>Addition modulo <code>2^n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Machine integers can always be added, but the postcondition is now
+in terms of addition modulo <code>2^n</code> on mathematical integers</p>
+<h2>
+<a id="user-content-subtraction-primitives" class="anchor" href="#subtraction-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Subtraction primitives</h2>
+<h4>
+<a id="user-content-sub" class="anchor" href="#sub" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sub</h4>
+<p>Bounds-respecting subtraction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The precondition enforces that the difference does not underflow,
+expressing the bound as a difference on mathematical integers</p>
+<h4>
+<a id="user-content-sub_underspec" class="anchor" href="#sub_underspec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sub_underspec</h4>
+<p>Underspecified, possibly overflowing subtraction:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub_underspec</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The postcondition only enures that the result is the difference of
+the arguments in case there is no underflow</p>
+<h4>
+<a id="user-content-sub_mod" class="anchor" href="#sub_mod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sub_mod</h4>
+<p>Subtraction modulo <code>2^n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">sub_mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Machine integers can always be subtractd, but the postcondition is
+now in terms of subtraction modulo <code>2^n</code> on mathematical integers</p>
+<h2>
+<a id="user-content-multiplication-primitives" class="anchor" href="#multiplication-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Multiplication primitives</h2>
+<h4>
+<a id="user-content-mul" class="anchor" href="#mul" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mul</h4>
+<p>Bounds-respecting multiplication</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The precondition enforces that the product does not overflow,
+expressing the bound as a product on mathematical integers</p>
+<h4>
+<a id="user-content-mul_underspec" class="anchor" href="#mul_underspec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mul_underspec</h4>
+<p>Underspecified, possibly overflowing product</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_underspec</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The postcondition only enures that the result is the product of
+the arguments in case there is no overflow</p>
+<h4>
+<a id="user-content-mul_mod" class="anchor" href="#mul_mod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mul_mod</h4>
+<p>Multiplication modulo <code>2^n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">mul_mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Machine integers can always be multiplied, but the postcondition
+is now in terms of product modulo <code>2^n</code> on mathematical integers</p>
+<h2>
+<a id="user-content-division-primitives" class="anchor" href="#division-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Division primitives</h2>
+<h4>
+<a id="user-content-div" class="anchor" href="#div" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>div</h4>
+<p>Euclidean division of <code>a</code> and <code>b</code>, with <code>b</code> non-zero</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-modulo-primitives" class="anchor" href="#modulo-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Modulo primitives</h2>
+<h4>
+<a id="user-content-rem" class="anchor" href="#rem" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>rem</h4>
+<p>Euclidean remainder</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rem</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The result is the modulus of <code>a</code> with respect to a non-zero <code>b</code></p>
+<h2>
+<a id="user-content-bitwise-operators" class="anchor" href="#bitwise-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Bitwise operators</h2>
+<blockquote>
+<p>Also see FStar.BV</p>
+</blockquote>
+<h4>
+<a id="user-content-logand" class="anchor" href="#logand" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logand</h4>
+<p>Bitwise logical conjunction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logand</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-logxor" class="anchor" href="#logxor" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logxor</h4>
+<p>Bitwise logical exclusive-or</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logxor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-logor" class="anchor" href="#logor" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logor</h4>
+<p>Bitwise logical disjunction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-lognot" class="anchor" href="#lognot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lognot</h4>
+<p>Bitwise logical negation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-shift-operators" class="anchor" href="#shift-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Shift operators</h2>
+<h4>
+<a id="user-content-shift_right" class="anchor" href="#shift_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_right</h4>
+<p>Shift right with zero fill, shifting at most the integer width</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-shift_left" class="anchor" href="#shift_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_left</h4>
+<p>Shift left with zero fill, shifting at most the integer width</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-comparison-operators" class="anchor" href="#comparison-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Comparison operators</h2>
+<h4>
+<a id="user-content-eq" class="anchor" href="#eq" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>eq</h4>
+<p>Equality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Note, it is safe to also use the polymorphic decidable equality
+operator <code>=</code></p>
+<h4>
+<a id="user-content-gt" class="anchor" href="#gt" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gt</h4>
+<p>Greater than</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-gte" class="anchor" href="#gte" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gte</h4>
+<p>Greater than or equal</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lt" class="anchor" href="#lt" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lt</h4>
+<p>Less than</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lte" class="anchor" href="#lte" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lte</h4>
+<p>Less than or equal</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-minus" class="anchor" href="#minus" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>minus</h4>
+<p>Unary negation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">minus</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-n_minus_one" class="anchor" href="#n_minus_one" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>n_minus_one</h4>
+<p>The maximum value for this type</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">n_minus_one</span> <span class="pl-c1">=</span> <span class="pl-smi">UInt32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--z3rlimit 80 --initial_fuel 1 --max_fuel 1</span>"</pre></div>
+<h4>
+<a id="user-content-eq_mask" class="anchor" href="#eq_mask" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>eq_mask</h4>
+<p>A constant-time way to compute the equality of
+two machine integers.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq_mask</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                       <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt;&gt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">minus_x</span> <span class="pl-c1">=</span> <span class="pl-en">minus</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_or_minus_x</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span> <span class="pl-en">x</span> <span class="pl-en">minus_x</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">xnx</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span> <span class="pl-en">x_or_minus_x</span> <span class="pl-en">n_minus_one</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-en">xnx</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">if</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+      <span class="pl-en">logxor_self</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+      <span class="pl-en">lognot_lemma_1</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">;</span>
+      <span class="pl-en">logor_lemma_1</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">minus_x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span>
+              <span class="pl-en">v</span> <span class="pl-en">x_or_minus_x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">xnx</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span>
+    <span class="pl-k">else</span>
+    <span class="pl-k">begin</span>
+      <span class="pl-en">logxor_neq_nonzero</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">);</span>
+      <span class="pl-en">lemma_msb_pow2</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">x</span><span class="pl-c1">));</span>
+      <span class="pl-en">lemma_msb_pow2</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">minus_x</span><span class="pl-c1">);</span>
+      <span class="pl-en">lemma_minus_zero</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span><span class="pl-c1">;</span>
+    <span class="pl-en">c</span></pre></div>
+<p>With inspiration from <a href="https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=2e60bb395c1f589a398ec606d611132ef9ef764b" rel="nofollow">https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=2e60bb395c1f589a398ec606d611132ef9ef764b</a></p>
+<p>Note, the branching on <code>a=b</code> is just for proof-purposes.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">lemma_sub_msbs</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">msb</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">msb</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">msb</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">sub_mod</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">))))</span></pre></div>
+<h4>
+<a id="user-content-gte_mask" class="anchor" href="#gte_mask" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gte_mask</h4>
+<p>A constant-time way to compute the <code>&gt;=</code> inequality of
+two machine integers.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gte_mask</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                       <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_xor_y</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_sub_y</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_sub_y_xor_y</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">x_sub_y</span> <span class="pl-en">y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">q</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span> <span class="pl-en">x_xor_y</span> <span class="pl-en">x_sub_y_xor_y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_xor_q</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">x</span> <span class="pl-en">q</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_xor_q_</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span> <span class="pl-en">x_xor_q</span> <span class="pl-en">n_minus_one</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-en">x_xor_q_</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_sub_msbs</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">;</span>
+    <span class="pl-en">lemma_msb_gte</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">);</span>
+    <span class="pl-en">lemma_msb_gte</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+    <span class="pl-en">c</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<p>With inspiration from <a href="https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=0a483a9b431d87eca1b275463c632f8d5551978a" rel="nofollow">https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=0a483a9b431d87eca1b275463c632f8d5551978a</a></p>
+<h3>
+<a id="user-content-infix-notations" class="anchor" href="#infix-notations" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Infix notations</h3>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add_underspec</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add_mod</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub_underspec</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul_underspec</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul_mod</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Slash_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">div</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">rem</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Hat_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Amp_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Bar_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_left</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span></pre></div>
+<h2>
+<a id="user-content-to-input--output-constants" class="anchor" href="#to-input--output-constants" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>To input / output constants</h2>
+<h4>
+<a id="user-content-to_string" class="anchor" href="#to_string" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>to_string</h4>
+<p>In decimal representation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<h4>
+<a id="user-content-to_string_hex" class="anchor" href="#to_string_hex" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>to_string_hex</h4>
+<p>In hex representation (with leading 0x)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string_hex</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<h4>
+<a id="user-content-to_string_hex_pad" class="anchor" href="#to_string_hex_pad" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>to_string_hex_pad</h4>
+<p>In fixed-width hex representation (left-padded with zeroes, no leading 0x)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string_hex_pad</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">of_string</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--lax</span>"</pre></div>
+<p>This private primitive is used internally by the
+compiler to translate bounded integer constants
+with a desugaring-time check of the size of the number,
+rather than an expensive verification check.
+Since it is marked private, client programs cannot call it directly
+Since it is marked unfold, it eagerly reduces,
+eliminating the verification overhead of the wrapper</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">__uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span>
+    <span class="pl-c1">=</span> <span class="pl-en">uint_to_t</span> <span class="pl-en">x</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.UInt8.html b/docs/FStar.UInt8.html
index 5cb7bd6..b0fd6b0 100644
--- a/docs/FStar.UInt8.html
+++ b/docs/FStar.UInt8.html
@@ -1,16 +1,377 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.UInt8</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.uint8">module FStar.UInt8</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstaruint8" class="anchor" href="#fstaruint8" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.UInt8</h1>
+<h2>
+<a id="user-content-this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" class="anchor" href="#this-module-is-genetated-automatically-using-mk_intsh-do-not-edit-directly-" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>THIS MODULE IS GENETATED AUTOMATICALLY USING <code>mk_int.sh</code>, DO NOT EDIT DIRECTLY ***</h2>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">n</span> <span class="pl-c1">=</span> <span class="pl-c1">8</span></pre></div>
+<blockquote>
+<p>For FStar.UIntN.fstp: anything that you fix/update here should be
+reflected in <code>FStar.IntN.fstp</code>, which is mostly a copy-paste of
+this module.</p>
+<p>Except, as compared to <code>FStar.IntN.fstp</code>, here:</p>
+<ul>
+<li>every occurrence of <code>int_t</code> has been replaced with <code>uint_t</code>
+</li>
+<li>every occurrence of <code>@%</code> has been replaced with <code>%</code>.</li>
+<li>some functions (e.g., add_underspec, etc.) are only defined here, not on signed integers</li>
+</ul>
+</blockquote>
+<blockquote>
+<p>This module provides an abstract type for machine integers of a
+given signedness and width. The interface is designed to be safe
+with respect to arithmetic underflow and overflow.</p>
+</blockquote>
+<blockquote>
+<p>Note, we have attempted several times to re-design this module to
+make it more amenable to normalization and to impose less overhead
+on the SMT solver when reasoning about machine integer
+arithmetic. The following github issue reports on the current
+status of that work.</p>
+<p><a href="https://github.com/FStarLang/FStar/issues/1757">https://github.com/FStarLang/FStar/issues/1757</a></p>
+</blockquote>
+<ul>
+<li>Opens module <a href="FStar.UInt.html">FStar.UInt</a>
+</li>
+<li>Opens module <a href="FStar.Mul.html">FStar.Mul</a>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--max_fuel 0 --max_ifuel 0</span>"</pre></div>
+<h4>
+<a id="user-content-t" class="anchor" href="#t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>t</h4>
+<p>Abstract type of machine integers, with an underlying
+representation using a bounded mathematical integer</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">t</span> <span class="pl-c1">:</span> <span class="pl-c1">eqtype</span></pre></div>
+<h4>
+<a id="user-content-v" class="anchor" href="#v" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>v</h4>
+<p>A coercion that projects a bounded mathematical integer from a
+machine integer</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-uint_to_t" class="anchor" href="#uint_to_t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>uint_to_t</h4>
+<p>A coercion that injects a bounded mathematical integers into a
+machine integer</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-uv_inv" class="anchor" href="#uv_inv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>uv_inv</h4>
+<p>Injection/projection inverse</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">uv_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-vu_inv" class="anchor" href="#vu_inv" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>vu_inv</h4>
+<p>Projection/injection inverse</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">vu_inv</span> <span class="pl-c1">(</span><span class="pl-en">x</span> <span class="pl-c1">:</span> <span class="pl-en">uint_t</span> <span class="pl-en">n</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<h4>
+<a id="user-content-v_inj" class="anchor" href="#v_inj" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>v_inj</h4>
+<p>An alternate form of the injectivity of the <a href="#v"><code>v</code></a> projection</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">v_inj</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-en">x2</span><span class="pl-c1">:</span> <span class="pl-en">t</span><span class="pl-c1">):</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">x2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">x1</span> <span class="pl-c1">==</span> <span class="pl-en">x2</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-zero" class="anchor" href="#zero" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>zero</h4>
+<p>Constants 0 and 1</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">zero</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">one</span> <span class="pl-c1">:</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">1</span><span class="pl-c1">}</span></pre></div>
+<h2>
+<a id="user-content-addition-primitives" class="anchor" href="#addition-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Addition primitives</h2>
+<h4>
+<a id="user-content-add" class="anchor" href="#add" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>add</h4>
+<p>Bounds-respecting addition</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The precondition enforces that the sum does not overflow,
+expressing the bound as an addition on mathematical integers</p>
+<h4>
+<a id="user-content-add_underspec" class="anchor" href="#add_underspec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>add_underspec</h4>
+<p>Underspecified, possibly overflowing addition:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_underspec</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The postcondition only enures that the result is the sum of the
+arguments in case there is no overflow</p>
+<h4>
+<a id="user-content-add_mod" class="anchor" href="#add_mod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>add_mod</h4>
+<p>Addition modulo <code>2^n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Machine integers can always be added, but the postcondition is now
+in terms of addition modulo <code>2^n</code> on mathematical integers</p>
+<h2>
+<a id="user-content-subtraction-primitives" class="anchor" href="#subtraction-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Subtraction primitives</h2>
+<h4>
+<a id="user-content-sub" class="anchor" href="#sub" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sub</h4>
+<p>Bounds-respecting subtraction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The precondition enforces that the difference does not underflow,
+expressing the bound as a difference on mathematical integers</p>
+<h4>
+<a id="user-content-sub_underspec" class="anchor" href="#sub_underspec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sub_underspec</h4>
+<p>Underspecified, possibly overflowing subtraction:</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub_underspec</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">-</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The postcondition only enures that the result is the difference of
+the arguments in case there is no underflow</p>
+<h4>
+<a id="user-content-sub_mod" class="anchor" href="#sub_mod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>sub_mod</h4>
+<p>Subtraction modulo <code>2^n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">sub_mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Machine integers can always be subtractd, but the postcondition is
+now in terms of subtraction modulo <code>2^n</code> on mathematical integers</p>
+<h2>
+<a id="user-content-multiplication-primitives" class="anchor" href="#multiplication-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Multiplication primitives</h2>
+<h4>
+<a id="user-content-mul" class="anchor" href="#mul" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mul</h4>
+<p>Bounds-respecting multiplication</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The precondition enforces that the product does not overflow,
+expressing the bound as a product on mathematical integers</p>
+<h4>
+<a id="user-content-mul_underspec" class="anchor" href="#mul_underspec" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mul_underspec</h4>
+<p>Underspecified, possibly overflowing product</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_underspec</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span>
+    <span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-en">n</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> * <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The postcondition only enures that the result is the product of
+the arguments in case there is no overflow</p>
+<h4>
+<a id="user-content-mul_mod" class="anchor" href="#mul_mod" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>mul_mod</h4>
+<p>Multiplication modulo <code>2^n</code></p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">mul_mod</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">mul_mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>Machine integers can always be multiplied, but the postcondition
+is now in terms of product modulo <code>2^n</code> on mathematical integers</p>
+<h2>
+<a id="user-content-division-primitives" class="anchor" href="#division-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Division primitives</h2>
+<h4>
+<a id="user-content-div" class="anchor" href="#div" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>div</h4>
+<p>Euclidean division of <code>a</code> and <code>b</code>, with <code>b</code> non-zero</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">div</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-c1">True</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">a</span> / <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-modulo-primitives" class="anchor" href="#modulo-primitives" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Modulo primitives</h2>
+<h4>
+<a id="user-content-rem" class="anchor" href="#rem" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>rem</h4>
+<p>Euclidean remainder</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">rem</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">{</span><span class="pl-en">v</span> <span class="pl-en">b</span> &lt;&gt; <span class="pl-c1">0</span><span class="pl-c1">})</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">mod</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<p>The result is the modulus of <code>a</code> with respect to a non-zero <code>b</code></p>
+<h2>
+<a id="user-content-bitwise-operators" class="anchor" href="#bitwise-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Bitwise operators</h2>
+<blockquote>
+<p>Also see FStar.BV</p>
+</blockquote>
+<h4>
+<a id="user-content-logand" class="anchor" href="#logand" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logand</h4>
+<p>Bitwise logical conjunction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logand</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logand</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-logxor" class="anchor" href="#logxor" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logxor</h4>
+<p>Bitwise logical exclusive-or</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logxor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logxor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-logor" class="anchor" href="#logor" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>logor</h4>
+<p>Bitwise logical disjunction</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">logor</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">`</span><span class="pl-en">logor</span><span class="pl-c1">`</span> <span class="pl-en">v</span> <span class="pl-en">y</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-lognot" class="anchor" href="#lognot" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lognot</h4>
+<p>Bitwise logical negation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">z</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">lognot</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">v</span> <span class="pl-en">z</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-shift-operators" class="anchor" href="#shift-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Shift operators</h2>
+<h4>
+<a id="user-content-shift_right" class="anchor" href="#shift_right" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_right</h4>
+<p>Shift right with zero fill, shifting at most the integer width</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">shift_right</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h4>
+<a id="user-content-shift_left" class="anchor" href="#shift_left" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>shift_left</h4>
+<p>Shift left with zero fill, shifting at most the integer width</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">UInt32.</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+  <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span> &lt; <span class="pl-en">n</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">shift_left</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">UInt32.</span><span class="pl-en">v</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">c</span><span class="pl-c1">))</span></pre></div>
+<h2>
+<a id="user-content-comparison-operators" class="anchor" href="#comparison-operators" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Comparison operators</h2>
+<h4>
+<a id="user-content-eq" class="anchor" href="#eq" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>eq</h4>
+<p>Equality</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<p>Note, it is safe to also use the polymorphic decidable equality
+operator <code>=</code></p>
+<h4>
+<a id="user-content-gt" class="anchor" href="#gt" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gt</h4>
+<p>Greater than</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-gte" class="anchor" href="#gte" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gte</h4>
+<p>Greater than or equal</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lt" class="anchor" href="#lt" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lt</h4>
+<p>Less than</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lt</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-lte" class="anchor" href="#lte" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>lte</h4>
+<p>Less than or equal</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lte</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">bool</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-minus" class="anchor" href="#minus" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>minus</h4>
+<p>Unary negation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">minus</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">add_mod</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-n_minus_one" class="anchor" href="#n_minus_one" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>n_minus_one</h4>
+<p>The maximum value for this type</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">inline_for_extraction</span>
+<span class="pl-k">let</span> <span class="pl-en">n_minus_one</span> <span class="pl-c1">=</span> <span class="pl-smi">UInt32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--z3rlimit 80 --initial_fuel 1 --max_fuel 1</span>"</pre></div>
+<h4>
+<a id="user-content-eq_mask" class="anchor" href="#eq_mask" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>eq_mask</h4>
+<p>A constant-time way to compute the equality of
+two machine integers.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">eq_mask</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                       <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt;&gt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">a</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">minus_x</span> <span class="pl-c1">=</span> <span class="pl-en">minus</span> <span class="pl-en">x</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_or_minus_x</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span> <span class="pl-en">x</span> <span class="pl-en">minus_x</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">xnx</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span> <span class="pl-en">x_or_minus_x</span> <span class="pl-en">n_minus_one</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-en">xnx</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-k">if</span> <span class="pl-en">a</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-k">then</span>
+    <span class="pl-k">begin</span>
+      <span class="pl-en">logxor_self</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">);</span>
+      <span class="pl-en">lognot_lemma_1</span> <span class="pl-c1">#</span><span class="pl-en">n</span><span class="pl-c1">;</span>
+      <span class="pl-en">logor_lemma_1</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">minus_x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span>
+              <span class="pl-en">v</span> <span class="pl-en">x_or_minus_x</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">xnx</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">ones</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span>
+    <span class="pl-k">else</span>
+    <span class="pl-k">begin</span>
+      <span class="pl-en">logxor_neq_nonzero</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">);</span>
+      <span class="pl-en">lemma_msb_pow2</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">lognot</span> <span class="pl-en">x</span><span class="pl-c1">));</span>
+      <span class="pl-en">lemma_msb_pow2</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">minus_x</span><span class="pl-c1">);</span>
+      <span class="pl-en">lemma_minus_zero</span> <span class="pl-c1">#</span><span class="pl-en">n</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+      <span class="pl-k">assert</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-smi">FStar.UInt.</span><span class="pl-en">zero</span> <span class="pl-en">n</span><span class="pl-c1">)</span>
+    <span class="pl-k">end</span><span class="pl-c1">;</span>
+    <span class="pl-en">c</span></pre></div>
+<p>With inspiration from <a href="https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=2e60bb395c1f589a398ec606d611132ef9ef764b" rel="nofollow">https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=2e60bb395c1f589a398ec606d611132ef9ef764b</a></p>
+<p>Note, the branching on <code>a=b</code> is just for proof-purposes.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">val</span> <span class="pl-en">lemma_sub_msbs</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">((</span><span class="pl-en">msb</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">msb</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">b</span><span class="pl-c1">))</span> <span class="pl-c1">==&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">&lt;==&gt;</span> <span class="pl-en">msb</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">sub_mod</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">))))</span></pre></div>
+<h4>
+<a id="user-content-gte_mask" class="anchor" href="#gte_mask" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>gte_mask</h4>
+<p>A constant-time way to compute the <code>&gt;=</code> inequality of
+two machine integers.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">gte_mask</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">b</span><span class="pl-c1">:</span><span class="pl-en">t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Pure</span> <span class="pl-en">t</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">True</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">c</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &gt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">pow2</span> <span class="pl-en">n</span> <span class="pl-c1">-</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-c1">/\</span>
+                       <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">a</span> &lt; <span class="pl-en">v</span> <span class="pl-en">b</span> <span class="pl-c1">==&gt;</span> <span class="pl-en">v</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-c1">0</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">a</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">b</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_xor_y</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_sub_y</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_sub_y_xor_y</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">x_sub_y</span> <span class="pl-en">y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">q</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span> <span class="pl-en">x_xor_y</span> <span class="pl-en">x_sub_y_xor_y</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_xor_q</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span> <span class="pl-en">x</span> <span class="pl-en">q</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">x_xor_q_</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span> <span class="pl-en">x_xor_q</span> <span class="pl-en">n_minus_one</span> <span class="pl-k">in</span>
+    <span class="pl-k">let</span> <span class="pl-en">c</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span> <span class="pl-en">x_xor_q_</span> <span class="pl-c1">(</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">1</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-en">lemma_sub_msbs</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">;</span>
+    <span class="pl-en">lemma_msb_gte</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">);</span>
+    <span class="pl-en">lemma_msb_gte</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">x</span><span class="pl-c1">);</span>
+    <span class="pl-en">c</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<p>With inspiration from <a href="https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=0a483a9b431d87eca1b275463c632f8d5551978a" rel="nofollow">https://git.zx2c4.com/WireGuard/commit/src/crypto/curve25519-hacl64.h?id=0a483a9b431d87eca1b275463c632f8d5551978a</a></p>
+<h3>
+<a id="user-content-infix-notations" class="anchor" href="#infix-notations" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Infix notations</h3>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add_underspec</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Plus_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">add_mod</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub_underspec</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Subtraction_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">sub_mod</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Question_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul_underspec</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Star_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">mul_mod</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Slash_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">div</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Percent_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">rem</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Hat_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logxor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Amp_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logand</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Bar_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">logor</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_left</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">shift_right</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">eq</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Greater_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">gte</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lt</span>
+<span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_Less_Equals_Hat</span> <span class="pl-c1">=</span> <span class="pl-en">lte</span></pre></div>
+<h2>
+<a id="user-content-to-input--output-constants" class="anchor" href="#to-input--output-constants" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>To input / output constants</h2>
+<h4>
+<a id="user-content-to_string" class="anchor" href="#to_string" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>to_string</h4>
+<p>In decimal representation</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<h4>
+<a id="user-content-to_string_hex" class="anchor" href="#to_string_hex" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>to_string_hex</h4>
+<p>In hex representation (with leading 0x)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string_hex</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<h4>
+<a id="user-content-to_string_hex_pad" class="anchor" href="#to_string_hex_pad" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>to_string_hex_pad</h4>
+<p>In fixed-width hex representation (left-padded with zeroes, no leading 0x)</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">to_string_hex_pad</span><span class="pl-c1">:</span> <span class="pl-en">t</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">string</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">of_string</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">#set-options</span> "<span class="pl-s">--lax</span>"</pre></div>
+<p>This private primitive is used internally by the
+compiler to translate bounded integer constants
+with a desugaring-time check of the size of the number,
+rather than an expensive verification check.
+Since it is marked private, client programs cannot call it directly
+Since it is marked unfold, it eagerly reduces,
+eliminating the verification overhead of the wrapper</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">private</span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">__uint_to_t</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:int)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">t</span>
+    <span class="pl-c1">=</span> <span class="pl-en">uint_to_t</span> <span class="pl-en">x</span>
+<span class="pl-c1">#</span><span class="pl-en">reset</span><span class="pl-c1">-</span><span class="pl-en">options</span>
+<span class="pl-k">unfold</span> <span class="pl-k">inline_for_extraction</span> <span class="pl-k">type</span> <span class="pl-en">byte</span> <span class="pl-c1">=</span> <span class="pl-en">t</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Udp.html b/docs/FStar.Udp.html
index b1cc384..9748df5 100644
--- a/docs/FStar.Udp.html
+++ b/docs/FStar.Udp.html
@@ -1,16 +1,40 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Udp</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.udp">module FStar.Udp</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarudp" class="anchor" href="#fstarudp" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Udp</h1>
+<ul>
+<li>Opens module <a href="FStar.Bytes.html">FStar.Bytes</a>
+</li>
+<li>Opens module <a href="FStar.Error.html">FStar.Error</a>
+</li>
+</ul>
+<p>Type declarations</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">socket</span><span class="pl-c1">:</span> <span class="pl-c1">eqtype</span>
+<span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">sock_in_channel</span><span class="pl-c1">:</span> <span class="pl-c1">Type0</span>
+<span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">sock_out_channel</span><span class="pl-c1">:</span> <span class="pl-c1">Type0</span>
+<span class="pl-k">new</span> <span class="pl-k">val</span> <span class="pl-en">udpListener</span><span class="pl-c1">:</span> <span class="pl-c1">Type0</span></pre></div>
+<p>Server side</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">listen</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-en">udpListener</span>
+<span class="pl-k">val</span> <span class="pl-en">accept</span><span class="pl-c1">:</span> <span class="pl-en">udpListener</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-en">socket</span>
+<span class="pl-k">val</span> <span class="pl-en">stop</span><span class="pl-c1">:</span> <span class="pl-en">udpListener</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-c1">unit</span></pre></div>
+<p>Client side</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">connect</span><span class="pl-c1">:</span> <span class="pl-c1">string</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-en">socket</span></pre></div>
+<p>Input/Output</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">recv</span><span class="pl-c1">:</span> <span class="pl-en">socket</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">nat</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-c1">(</span><span class="pl-en">optResult</span> <span class="pl-c1">string</span> <span class="pl-en">bytes</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">send</span><span class="pl-c1">:</span> <span class="pl-en">socket</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">bytes</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-c1">(</span><span class="pl-en">optResult</span> <span class="pl-c1">string</span> <span class="pl-c1">unit)</span>
+<span class="pl-k">val</span> <span class="pl-en">close</span><span class="pl-c1">:</span> <span class="pl-en">socket</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-c1">unit</span></pre></div>
+<p>Helper functions</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">socket_split</span><span class="pl-c1">:</span> <span class="pl-en">socket</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-c1">(</span><span class="pl-en">sock_in_channel</span> * <span class="pl-en">sock_out_channel</span><span class="pl-c1">)</span>
+<span class="pl-k">val</span> <span class="pl-en">flush</span><span class="pl-c1">:</span> <span class="pl-en">sock_out_channel</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">EXT</span> <span class="pl-c1">unit</span></pre></div>
+<p>Unimplemented</p>
+<p>assume val connectTimeout: nat -&gt; string -&gt; nat -&gt; EXT socket
+assume val acceptTimeout: nat -&gt; tcpListener -&gt; EXT socket</p>
+
 </body>
 </html>
diff --git a/docs/FStar.Universe.html b/docs/FStar.Universe.html
index 1f6a6e7..72a7385 100644
--- a/docs/FStar.Universe.html
+++ b/docs/FStar.Universe.html
@@ -1,63 +1,47 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Universe</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.universe">module FStar.Universe</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"> This <span class="ot">module</span> implements some basic facilities <span class="kw">to</span> raise the universe <span class="kw">of</span> a <span class="kw">type</span> *
-  * The <span class="kw">type</span> [raise_t a] is supposed <span class="kw">to</span> be isomorphic <span class="kw">to</span> [a] but <span class="kw">in</span> a higher     *
-  * universe. The two functions [raise_val] <span class="kw">and</span> [dowgrade_val] allow <span class="kw">to</span> coerce   *
-  * from [a] <span class="kw">to</span> [raise_t a] <span class="kw">and</span> back.                                            *</code></pre></div>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> raise_t:Unidentified product: [(Type a)] (Type max a b)</code></pre></div>
-<p>[raise_t a] is an isomorphic copy of [a] (living in universe 'ua) in universe [max 'ua 'ub] *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> raise_val:Unidentified product: [#a:(Type a)] Unidentified product: [x:a] raise_t a b a</code></pre></div>
-<p>[raise_val x] injects a value [x] of type [a] to [raise_t a] *</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp"><span class="kw">val</span> downgrade_val:Unidentified product: [#a:(Type a)] Unidentified product: [x:raise_t a b a] a</code></pre></div>
-<p>[downgrade_val x] projects a value [x] of type [raise_t a] to [a] *</p>
+<h1>
+<a id="user-content-fstaruniverse" class="anchor" href="#fstaruniverse" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Universe</h1>
+<p>This module implements some basic facilities to raise the universe of a type *</p>
+<ul>
+<li>The type <code>raise_t a</code> is supposed to be isomorphic to <code>a</code> but in a higher     *</li>
+<li>universe. The two functions <a href="#raise_val"><code>raise_val</code></a> and <code>dowgrade_val</code> allow to coerce   *</li>
+<li>from <code>a</code> to <code>raise_t a</code> and back.                                            *</li>
+</ul>
+<h4>
+<a id="user-content-raise_t" class="anchor" href="#raise_t" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>raise_t</h4>
+<p><code>raise_t a</code> is an isomorphic copy of <code>a</code> (living in universe 'ua) in universe <code>max 'ua 'ub</code> *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raise_t</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#(</span><span class="pl-en">max</span> <span class="pl-en">a</span> <span class="pl-en">b</span><span class="pl-c1">)</span></pre></div>
+<h4>
+<a id="user-content-raise_val" class="anchor" href="#raise_val" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>raise_val</h4>
+<p><code>raise_val x</code> injects a value <code>x</code> of type <code>a</code> to <code>raise_t a</code> *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raise_val</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">raise_t</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">u#</span><span class="pl-en">b</span> <span class="pl-en">a</span></pre></div>
+<h4>
+<a id="user-content-downgrade_val" class="anchor" href="#downgrade_val" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>downgrade_val</h4>
+<p><code>downgrade_val x</code> projects a value <code>x</code> of type <code>raise_t a</code> to <code>a</code> *</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">downgrade_val</span> <span class="pl-c1">:</span> <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">raise_t</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">u#</span><span class="pl-en">b</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">a</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">downgrade_val_raise_val</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">downgrade_val</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">u#</span><span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">raise_val</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">downgrade_val</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">u#</span><span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">raise_val</span> <span class="pl-en">x</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raise_val_downgrade_val</span>
+  <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span> <span class="pl-en">raise_t</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">u#</span><span class="pl-en">b</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+<span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+  <span class="pl-c1">(</span><span class="pl-en">raise_val</span> <span class="pl-c1">(</span><span class="pl-en">downgrade_val</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">raise_val</span> <span class="pl-c1">u#</span><span class="pl-en">a</span> <span class="pl-c1">u#</span><span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">downgrade_val</span> <span class="pl-en">x</span><span class="pl-c1">))]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lift_dom</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">raise_t</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-k">fun</span> <span class="pl-en">v</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">q</span> <span class="pl-c1">(</span><span class="pl-en">downgrade_val</span> <span class="pl-en">v</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">lift_codom</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span> <span class="pl-c1">(</span><span class="pl-en">q</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">raise_t</span> <span class="pl-en">b</span> <span class="pl-c1">=</span>
+  <span class="pl-k">fun</span> <span class="pl-en">v</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">raise_val</span> <span class="pl-c1">(</span><span class="pl-en">q</span> <span class="pl-en">v</span><span class="pl-c1">)</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Util.html b/docs/FStar.Util.html
index afb5196..35c418c 100644
--- a/docs/FStar.Util.html
+++ b/docs/FStar.Util.html
@@ -1,16 +1,26 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Util</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.util">module FStar.Util</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarutil" class="anchor" href="#fstarutil" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Util</h1>
+<ul>
+<li>Opens module <a href="FStar.Heap.html">FStar.Heap</a>
+</li>
+<li>Opens module <a href="FStar.HyperStack.html">FStar.HyperStack</a>
+</li>
+</ul>
+<p>2016-11-22: the following MUST be defined here AFTER the above <code>open', since they are used in </code>op_At_Plus_At` below</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">op_Plus_Plus</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-smi">TSet.</span><span class="pl-en">union</span> <span class="pl-en">x</span> <span class="pl-en">y</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Plus_Plus_Hat</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-en">x</span> <span class="pl-c1">++</span> <span class="pl-c1">(</span><span class="pl-smi">TSet.</span><span class="pl-en">singleton</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Hat_Plus_Hat</span>  <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-smi">TSet.</span><span class="pl-en">singleton</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">++</span> <span class="pl-c1">(</span><span class="pl-smi">TSet.</span><span class="pl-en">singleton</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">op_At_Plus_At</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">reference</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">reference</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+   <span class="pl-smi">Set.</span><span class="pl-en">union</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-en">as_addr</span> <span class="pl-en">x</span><span class="pl-c1">))</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-en">as_addr</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Plus_Plus_At</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-smi">Set.</span><span class="pl-en">set</span> <span class="pl-c1">nat)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">reference</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-smi">Set.</span><span class="pl-en">union</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-smi">Set.</span><span class="pl-en">singleton</span> <span class="pl-c1">(</span><span class="pl-en">as_addr</span> <span class="pl-en">y</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.VConfig.html b/docs/FStar.VConfig.html
new file mode 100644
index 0000000..e9b7d30
--- /dev/null
+++ b/docs/FStar.VConfig.html
@@ -0,0 +1,48 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title>FStar.VConfig</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
+</head>
+<body>
+<h1>
+<a id="user-content-fstarvconfig" class="anchor" href="#fstarvconfig" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.VConfig</h1>
+<h4>
+<a id="user-content-vconfig" class="anchor" href="#vconfig" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>vconfig</h4>
+<p>This type represents the set of verification-relevant options used
+to check a particular definition. It can be read from tactics via
+sigelt_opts and set via the check_with attribute.</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">vconfig</span> <span class="pl-c1">=</span> <span class="pl-c1">{</span>
+  <span class="pl-en">initial_fuel</span>                              <span class="pl-c1">:</span> <span class="pl-c1">int;</span>
+  <span class="pl-en">max_fuel</span>                                  <span class="pl-c1">:</span> <span class="pl-c1">int;</span>
+  <span class="pl-en">initial_ifuel</span>                             <span class="pl-c1">:</span> <span class="pl-c1">int;</span>
+  <span class="pl-en">max_ifuel</span>                                 <span class="pl-c1">:</span> <span class="pl-c1">int;</span>
+  <span class="pl-en">detail_errors</span>                             <span class="pl-c1">:</span> <span class="pl-c1">bool;</span>
+  <span class="pl-en">detail_hint_replay</span>                        <span class="pl-c1">:</span> <span class="pl-c1">bool;</span>
+  <span class="pl-en">no_smt</span>                                    <span class="pl-c1">:</span> <span class="pl-c1">bool;</span>
+  <span class="pl-en">quake_lo</span>                                  <span class="pl-c1">:</span> <span class="pl-c1">int;</span>
+  <span class="pl-en">quake_hi</span>                                  <span class="pl-c1">:</span> <span class="pl-c1">int;</span>
+  <span class="pl-en">quake_keep</span>                                <span class="pl-c1">:</span> <span class="pl-c1">bool;</span>
+  <span class="pl-en">retry</span>                                     <span class="pl-c1">:</span> <span class="pl-c1">bool;</span>
+  <span class="pl-en">smtencoding_elim_box</span>                      <span class="pl-c1">:</span> <span class="pl-c1">bool;</span>
+  <span class="pl-en">smtencoding_nl_arith_repr</span>                 <span class="pl-c1">:</span> <span class="pl-c1">string;</span>
+  <span class="pl-en">smtencoding_l_arith_repr</span>                  <span class="pl-c1">:</span> <span class="pl-c1">string;</span>
+  <span class="pl-en">smtencoding_valid_intro</span>                   <span class="pl-c1">:</span> <span class="pl-c1">bool;</span>
+  <span class="pl-en">smtencoding_valid_elim</span>                    <span class="pl-c1">:</span> <span class="pl-c1">bool;</span>
+  <span class="pl-en">tcnorm</span>                                    <span class="pl-c1">:</span> <span class="pl-c1">bool;</span>
+  <span class="pl-en">no_plugins</span>                                <span class="pl-c1">:</span> <span class="pl-c1">bool;</span>
+  <span class="pl-en">no_tactics</span>                                <span class="pl-c1">:</span> <span class="pl-c1">bool;</span>
+  <span class="pl-en">vcgen_optimize_bind_as_seq</span>                <span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-c1">string;</span>
+  <span class="pl-en">z3cliopt</span>                                  <span class="pl-c1">:</span> <span class="pl-en">list</span> <span class="pl-c1">string;</span>
+  <span class="pl-en">z3refresh</span>                                 <span class="pl-c1">:</span> <span class="pl-c1">bool;</span>
+  <span class="pl-en">z3rlimit</span>                                  <span class="pl-c1">:</span> <span class="pl-c1">int;</span>
+  <span class="pl-en">z3rlimit_factor</span>                           <span class="pl-c1">:</span> <span class="pl-c1">int;</span>
+  <span class="pl-en">z3seed</span>                                    <span class="pl-c1">:</span> <span class="pl-c1">int;</span>
+  <span class="pl-en">trivial_pre_for_unannotated_effectful_fns</span> <span class="pl-c1">:</span> <span class="pl-c1">bool;</span>
+  <span class="pl-en">reuse_hint_for</span>                            <span class="pl-c1">:</span> <span class="pl-en">option</span> <span class="pl-c1">string;</span>
+<span class="pl-c1">}</span></pre></div>
+<p>This type, and the whole module, mirror FStar.VConfig in F* sources.</p>
+
+</body>
+</html>
diff --git a/docs/FStar.Vector.Base.html b/docs/FStar.Vector.Base.html
index 126b5d4..98ca9bb 100644
--- a/docs/FStar.Vector.Base.html
+++ b/docs/FStar.Vector.Base.html
@@ -1,57 +1,368 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <style type="text/css">
-div.sourceCode { overflow-x: auto; }
-table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
-  margin: 0; padding: 0; vertical-align: baseline; border: none; }
-table.sourceCode { width: 100%; line-height: 100%; }
-td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
-td.sourceCode { padding-left: 5px; }
-code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
-code > span.dt { color: #902000; } /* DataType */
-code > span.dv { color: #40a070; } /* DecVal */
-code > span.bn { color: #40a070; } /* BaseN */
-code > span.fl { color: #40a070; } /* Float */
-code > span.ch { color: #4070a0; } /* Char */
-code > span.st { color: #4070a0; } /* String */
-code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
-code > span.ot { color: #007020; } /* Other */
-code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
-code > span.fu { color: #06287e; } /* Function */
-code > span.er { color: #ff0000; font-weight: bold; } /* Error */
-code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
-code > span.cn { color: #880000; } /* Constant */
-code > span.sc { color: #4070a0; } /* SpecialChar */
-code > span.vs { color: #4070a0; } /* VerbatimString */
-code > span.ss { color: #bb6688; } /* SpecialString */
-code > span.im { } /* Import */
-code > span.va { color: #19177c; } /* Variable */
-code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
-code > span.op { color: #666666; } /* Operator */
-code > span.bu { } /* BuiltIn */
-code > span.ex { } /* Extension */
-code > span.pp { color: #bc7a00; } /* Preprocessor */
-code > span.at { color: #7d9029; } /* Attribute */
-code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
-code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
-code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
-code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
-  </style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Vector.Base</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.vector.base">module FStar.Vector.Base</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
-<div class="sourceCode"><pre class="sourceCode fsharp"><code class="sourceCode fsharp">
-    Abstractly, a `vec a l` is just a sequence whose length is `U32.v l`.
-    `reveal` and `hide` build an isomorphism establishing this
-*</code></pre></div>
+<p>A library for vectors, i.e., immutable arrays, whose length is
+representable by a machine integer, FStar.UInt32.t.</p>
+<p>This is closely related to FStar.Seq, with the following main
+differences:</p>
+<p>The type <code>raw a l</code>: A raw vector</p>
+<ol>
+<li>
+<p>Raw vectors receive special treatment during extraction,
+especially by KreMLin, which extracts a vector to a raw C
+pointer. When extracing to OCaml, a <code>raw a l</code> is a
+<code>Batteries.Vect t a</code></p>
+</li>
+<li>
+<p>The length of a vector is representable in a U32.t</p>
+</li>
+<li>
+<p>The interface is designed around a length-indexed type: this
+enables the compilation to raw pointers, since this ensures
+that all functions that manipulate vectors always have a U32
+variable describing that vector's length in scope.</p>
+<p>A length-indexed interface is also suitable for clients for whom
+proving properties about the length is a primary concern: the
+signatures in this interface carry intrinsic proofs about length
+properties, simplifying proof obligations in client code.</p>
+</li>
+<li>
+<p>Raw vectors lack decidable equality (since that cannot be
+implemented given the representation choice in KreMLin)</p>
+</li>
+</ol>
+<p>The type <code>t a</code>: A dynamically sized vector</p>
+<ol>
+<li>
+<p>Conceptually, a <code>t a</code> is a pair of a <code>len:U32.t</code> and a <code>raw a len</code>. They are implemented as such by KreMLin. When extracting
+to OCaml, <code>t a</code> is identical to <code>raw a _</code>, i.e., it is still
+extracted to a <code>Batteries.Vect.t a</code></p>
+</li>
+<li>
+<p>Unlike raw vectors, <code>t a</code> supports decidable equality when it
+is supported by <code>a</code>. This is the main reason <code>t a</code> is provided
+at an abstract type, rather than being exposed as a pair of a
+U32 and a raw vector, since the latter does not support
+decidable equality.</p>
+</li>
+</ol>
+<p>@summary Immutable vectors whose length is less than  <code>pow2 32</code></p>
+<h1>
+<a id="user-content-fstarvectorbase" class="anchor" href="#fstarvectorbase" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Vector.Base</h1>
+<ul>
+<li>Aliases module <a href="FStar.UInt32.html"> FStar.UInt32</a> as <code>U32 </code>
+</li>
+<li>Aliases module <a href="FStar.Seq.html"> FStar.Seq</a> as <code>S </code>
+</li>
+</ul>
+<p>//////////////////////////////////////////////////////////////////////////////</p>
+<blockquote>
+<p>The basic model of raw vectors as u32-length sequences</p>
+</blockquote>
+<p>//////////////////////////////////////////////////////////////////////////////</p>
+<blockquote>
+<p>The length of a vector fits in 32 bits</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">len_t</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">t</span></pre></div>
+<blockquote>
+<p>A raw vector.</p>
+<ul>
+<li>
+<code>vector a n</code> is extracted to an <code>a*</code> in C by KreMLin</li>
+<li>Does not support decidable equality</li>
+</ul>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">raw</span><span class="pl-c1">:</span>
+    <span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span></pre></div>
+<blockquote>
+<p>A convenience to use <code>nat</code> for the length of vector in specs and proofs</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">raw_length</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">GTot</span> <span class="pl-c1">nat</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">l</span></pre></div>
+<pre><code>Abstractly, a `vec a l` is just a sequence whose length is `U32.v l`.
+`reveal` and `hide` build an isomorphism establishing this
+</code></pre>
+<ul>
+<li>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> <span class="pl-c1">=</span> <span class="pl-en">raw_length</span> <span class="pl-en">v</span><span class="pl-c1">})</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">hide</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">GTot</span> <span class="pl-c1">(</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">uint_to_t</span> <span class="pl-c1">(</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span><span class="pl-c1">)))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">hide_reveal</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">hide</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">v</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">v</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal_hide</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">s</span><span class="pl-c1">:</span><span class="pl-smi">S.</span><span class="pl-en">seq</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-smi">S.</span><span class="pl-en">length</span> <span class="pl-en">s</span> &lt; <span class="pl-en">pow2</span> <span class="pl-c1">32</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-c1">(</span><span class="pl-en">hide</span> <span class="pl-en">s</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">s</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">hide</span> <span class="pl-en">s</span><span class="pl-c1">)]</span></pre></div>
+<blockquote>
+<p>Extensional equality for vectors</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">equal</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v1</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v2</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-smi">Seq.</span><span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">v1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">v2</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Extensional equality can be used to prove syntactic equality</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">extensionality</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v1</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v2</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-en">equal</span> <span class="pl-en">v1</span> <span class="pl-en">v2</span><span class="pl-c1">))</span>
+          <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">v1</span> <span class="pl-c1">==</span> <span class="pl-en">v2</span><span class="pl-c1">))</span></pre></div>
+<p>//////////////////////////////////////////////////////////////////////////////</p>
+<blockquote>
+<p>end of the basic model</p>
+</blockquote>
+<p>//////////////////////////////////////////////////////////////////////////////</p>
+<p>//////////////////////////////////////////////////////////////////////////////</p>
+<blockquote>
+<p>A small set of basic operations on raw vectors, corresponding to the operations
+on sequences. Other operations can be derived from these, as we do for seq.
+-- init, index, update, append, slice</p>
+</blockquote>
+<p>//////////////////////////////////////////////////////////////////////////////</p>
+<blockquote>
+<p><code>index_t v</code>: is the type of a within-bounds index of <code>v</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">index_t</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+    <span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">m</span> &lt; <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">l</span><span class="pl-c1">}</span></pre></div>
+<blockquote>
+<p><code>init l contents</code>:
+initialize an <code>l</code>-sized vector using <code>contents i</code> for the <code>i</code>th element</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">init</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">contents</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span> <span class="pl-en">i</span> &lt; <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">l</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p><code>index v i</code>: get the <code>i</code>th element of <code>v</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">index</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">index_t</span> <span class="pl-en">v</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span></pre></div>
+<blockquote>
+<p><code>v.</code>i`` is shorthand for <code>index v i</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_String_Access</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">index</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">l</span></pre></div>
+<blockquote>
+<p><code>update v i x</code>:
+- a new vector that differs from <code>v</code> only at index <code>i</code>, where it contains <code>x</code>.
+- Incurs a full copy in KreMLin
+- In OCaml, the new vector shares as much as possible with <code>v</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">update</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">index_t</span> <span class="pl-en">v</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p><code>v.</code>i<code> &lt;- x</code> is shorthand for <code>update v i x</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-en">op_String_Assignment</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">l</span> <span class="pl-c1">=</span> <span class="pl-en">update</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">l</span></pre></div>
+<blockquote>
+<p><code>append v1 v2</code>:
+- requires proving that the sum of the lengths of v1 and v2 still fit in a u32
+- Incurs a full copy in KreMLin
+- Amortized constant time in OCaml</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">append</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v1</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l1</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v2</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l2</span><span class="pl-c1">{</span><span class="pl-smi">UInt.</span><span class="pl-en">size</span> <span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">l1</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-smi">U32.</span><span class="pl-en">n</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">+^</span> <span class="pl-en">l2</span><span class="pl-c1">))</span></pre></div>
+<blockquote>
+<p><code>v1 @| v2</code>: shorthand for <code>append v1 v2</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span> <span class="pl-k">let</span> <span class="pl-c1">(</span>@<span class="pl-c1">|)</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">l1</span> <span class="pl-c1">#</span><span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">append</span> <span class="pl-c1">#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">l1</span> <span class="pl-c1">#</span><span class="pl-en">l2</span></pre></div>
+<blockquote>
+<p><code>sub v i j</code>:
+- the sub-vector of <code>v</code> starting from index <code>i</code> up to, but not including, <code>j</code>
+- Constant time in KreMLin (just an addition on a pointer)
+- Worst-case (log l) time in OCaml</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">sub</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">l</span><span class="pl-c1">)}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">j</span> <span class="pl-c1">-^</span> <span class="pl-en">i</span><span class="pl-c1">))</span></pre></div>
+<p>//////////////////////////////////////////////////////////////////////////////</p>
+<blockquote>
+<p>Lemmas about the basic operations, all rather boring
+-- Each is just a lifting specifying the corresponding operation on seq</p>
+</blockquote>
+<p>//////////////////////////////////////////////////////////////////////////////</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal_init</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">contents</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:nat</span> <span class="pl-c1">{</span> <span class="pl-en">i</span> &lt; <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">l</span> <span class="pl-c1">}</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-c1">(</span><span class="pl-en">init</span> <span class="pl-en">l</span> <span class="pl-en">contents</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">init</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">l</span><span class="pl-c1">)</span> <span class="pl-en">contents</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">init</span> <span class="pl-en">l</span> <span class="pl-en">contents</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal_index</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">index_t</span> <span class="pl-en">v</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">.[</span><span class="pl-en">i</span><span class="pl-c1">]</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">index</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">i</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">.[</span><span class="pl-en">i</span><span class="pl-c1">])]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal_update</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">index_t</span> <span class="pl-en">v</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">.[</span><span class="pl-en">i</span><span class="pl-c1">]</span> <span class="pl-c1">&lt;-</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">upd</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">.[</span><span class="pl-en">i</span><span class="pl-c1">]</span> <span class="pl-c1">&lt;-</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal_append</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v1</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l1</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v2</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l2</span><span class="pl-c1">{</span><span class="pl-smi">UInt.</span><span class="pl-en">size</span> <span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">l1</span> <span class="pl-c1">+</span> <span class="pl-en">v</span> <span class="pl-en">l2</span><span class="pl-c1">)</span> <span class="pl-smi">U32.</span><span class="pl-en">n</span><span class="pl-c1">}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-c1">(</span><span class="pl-en">v1</span> @<span class="pl-c1">|</span> <span class="pl-en">v2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">Seq.</span><span class="pl-en">append</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">v1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">v2</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">v1</span> @<span class="pl-c1">|</span> <span class="pl-en">v2</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">reveal_sub</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">l</span><span class="pl-c1">)}</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-c1">(</span><span class="pl-en">sub</span> <span class="pl-en">v</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-smi">S.</span><span class="pl-en">slice</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">i</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-en">j</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">sub</span> <span class="pl-en">v</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)]</span></pre></div>
+<p>//////////////////////////////////////////////////////////////////////////////</p>
+<blockquote>
+<p>Now, we have <code>Vector.Base.t</code>, abstractly, a raw vector paired with its u32 length</p>
+</blockquote>
+<p>//////////////////////////////////////////////////////////////////////////////</p>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">t</span><span class="pl-c1">:</span>
+    <span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span></pre></div>
+<blockquote>
+<p>Unlike raw vectors, t-vectors support decidable equality</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">t_has_eq</span><span class="pl-c1">:</span>
+    <span class="pl-en">a</span><span class="pl-c1">:Type</span> <span class="pl-c1">u#</span><span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">hasEq</span> <span class="pl-en">a</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span>  <span class="pl-c1">(</span><span class="pl-k">hasEq</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">a</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-k">hasEq</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">a</span><span class="pl-c1">))]</span></pre></div>
+<blockquote>
+<p>The length of a t-vector is a dynamically computable u32</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">len</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">t</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">len_t</span></pre></div>
+<blockquote>
+<p>A convenience to access the length of a t-vector as a nat</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@<span class="pl-s"><span class="pl-pds">"</span>deprecated: this will be moved to the ghost effect<span class="pl-pds">"</span></span><span class="pl-c1">]</span>
+<span class="pl-k">let</span> <span class="pl-en">length</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">nat</span> <span class="pl-c1">=</span> <span class="pl-smi">U32.</span><span class="pl-en">v</span> <span class="pl-c1">(</span><span class="pl-en">len</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Access the underlying raw vector</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">as_raw</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-c1">(</span><span class="pl-en">len</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>Promote a raw vector</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">from_raw</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">len</span> <span class="pl-en">x</span> <span class="pl-c1">=</span> <span class="pl-en">l</span><span class="pl-c1">}</span></pre></div>
+<blockquote>
+<p>as_raw and from_raw are mutual inverses</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">as_raw_from_raw</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">as_raw</span> <span class="pl-c1">(</span><span class="pl-en">from_raw</span> <span class="pl-en">v</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">v</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">from_raw</span> <span class="pl-en">v</span><span class="pl-c1">)]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">from_raw_as_raw</span><span class="pl-c1">:</span>
+    <span class="pl-c1">#</span><span class="pl-en">a</span><span class="pl-c1">:Type</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">a</span>
+  <span class="pl-c1">-&gt;</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">from_raw</span> <span class="pl-c1">(</span><span class="pl-en">as_raw</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+          <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">(</span><span class="pl-en">as_raw</span> <span class="pl-en">x</span><span class="pl-c1">)]</span></pre></div>
+<blockquote>
+<p><code>v.(i)</code> accesses the ith element of v</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Array_Access</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">index_t</span> <span class="pl-c1">(</span><span class="pl-en">as_raw</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">(</span><span class="pl-en">as_raw</span> <span class="pl-en">x</span><span class="pl-c1">).[</span><span class="pl-en">i</span><span class="pl-c1">]</span></pre></div>
+<blockquote>
+<p><code>v.(i) &lt;- x</code> is a new t-vector that differs from v only at i</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">op_Array_Assignment</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">index_t</span> <span class="pl-c1">(</span><span class="pl-en">as_raw</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+    <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">from_raw</span> <span class="pl-c1">((</span><span class="pl-en">as_raw</span> <span class="pl-en">x</span><span class="pl-c1">).[</span><span class="pl-en">i</span><span class="pl-c1">]</span> <span class="pl-c1">&lt;-</span> <span class="pl-en">v</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p><code>v1 @@ v2</code>: appending t-vectors</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-c1">(</span>@@<span class="pl-c1">)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x1</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x2</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-smi">UInt.</span><span class="pl-en">size</span> <span class="pl-c1">(</span><span class="pl-en">length</span> <span class="pl-en">x1</span> <span class="pl-c1">+</span> <span class="pl-en">length</span> <span class="pl-en">x2</span><span class="pl-c1">)</span> <span class="pl-smi">U32.</span><span class="pl-en">n</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">from_raw</span> <span class="pl-c1">(</span><span class="pl-en">as_raw</span> <span class="pl-en">x1</span> @<span class="pl-c1">|</span> <span class="pl-en">as_raw</span> <span class="pl-en">x2</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p><code>slice v i j</code>:
+the sub-vector of <code>v</code> starting from index <code>i</code> up to, but not including, <code>j</code></p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">slice</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+    <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">t</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">i</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">j</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">{</span><span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">i</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">v</span> <span class="pl-en">j</span> <span class="pl-c1">/\</span> <span class="pl-en">v</span> <span class="pl-en">j</span> &lt;<span class="pl-c1">=</span> <span class="pl-en">length</span> <span class="pl-en">x</span><span class="pl-c1">)})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">t</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">from_raw</span> <span class="pl-c1">(</span><span class="pl-en">sub</span> <span class="pl-c1">(</span><span class="pl-en">as_raw</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-en">i</span> <span class="pl-en">j</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">val</span> <span class="pl-en">dummy</span> <span class="pl-c1">:</span> <span class="pl-c1">unit</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/FStar.Vector.Properties.html b/docs/FStar.Vector.Properties.html
index e7615ce..278dec8 100644
--- a/docs/FStar.Vector.Properties.html
+++ b/docs/FStar.Vector.Properties.html
@@ -1,16 +1,100 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Vector.Properties</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.vector.properties">module FStar.Vector.Properties</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarvectorproperties" class="anchor" href="#fstarvectorproperties" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Vector.Properties</h1>
+<ul>
+<li>Opens module <a href="FStar.Vector.Base.html">FStar.Vector.Base</a>
+</li>
+<li>Aliases module <a href="FStar.Seq.html"> FStar.Seq</a> as <code>S </code>
+</li>
+<li>Aliases module <a href="FStar.UInt32.html"> FStar.UInt32</a> as <code>U32 </code>
+</li>
+</ul>
+<blockquote>
+<p>This coercion seems to be necessary in some places</p>
+<p>For example,  when trying to treat a    <code>raw a (l1 +^ l2)</code>
+as a <code>raw a (m1 +^ m2)</code>
+F* type inference tries matches on the head symbol of the index
+and tries to prove <code>l1 = m1 /\ l2 = m2</code>
+which is often too strong.
+This coercion is a workaround for in such cases</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">coerce</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">m</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">{</span><span class="pl-en">l</span> <span class="pl-c1">==</span> <span class="pl-en">m</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">m</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">v</span></pre></div>
+<blockquote>
+<p>An abbreviation that states that some binary arithmetic
+operation on len_t's respects bouns</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">ok</span>
+    <span class="pl-c1">(</span><span class="pl-en">op</span><span class="pl-c1">:int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">int)</span>
+    <span class="pl-c1">(</span><span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Type</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">UInt.</span><span class="pl-en">size</span> <span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">op</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">l1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">v</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-smi">U32.</span><span class="pl-en">n</span></pre></div>
+<blockquote>
+<p>Most lemmas from FStar.Seq.Properties can just be lifted
+to vectors, although the lengths have to be bounds checked</p>
+</blockquote>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">append_inj</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">m1</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">m2</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">u1</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l1</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">u2</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l2</span><span class="pl-c1">{</span><span class="pl-en">ok</span> <span class="pl-c1">(+)</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">})</span>
+    <span class="pl-c1">(</span><span class="pl-en">v1</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">m1</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">v2</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">m2</span><span class="pl-c1">{</span><span class="pl-en">ok</span> <span class="pl-c1">(+)</span> <span class="pl-en">m1</span> <span class="pl-en">m2</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">requires</span> <span class="pl-c1">(</span><span class="pl-k">let</span> <span class="pl-k">open</span> <span class="pl-smi">U32</span> <span class="pl-k">in</span>
+               <span class="pl-en">m1</span> <span class="pl-c1">+^</span> <span class="pl-en">m2</span> <span class="pl-c1">=</span> <span class="pl-en">l1</span> <span class="pl-c1">+^</span> <span class="pl-en">l2</span> <span class="pl-c1">/\</span>
+               <span class="pl-en">equal</span> <span class="pl-c1">(</span><span class="pl-en">u1</span>@<span class="pl-c1">|</span><span class="pl-en">u2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">coerce</span> <span class="pl-c1">(</span><span class="pl-en">v1</span>@<span class="pl-c1">|</span><span class="pl-en">v2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">+^</span> <span class="pl-en">l2</span><span class="pl-c1">))</span> <span class="pl-c1">/\</span>
+               <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">==</span> <span class="pl-en">m1</span> <span class="pl-c1">\/</span> <span class="pl-en">l2</span> <span class="pl-c1">==</span> <span class="pl-en">m2</span><span class="pl-c1">)))</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">l1</span> <span class="pl-c1">=</span> <span class="pl-en">m1</span> <span class="pl-c1">/\</span>
+              <span class="pl-en">l2</span> <span class="pl-c1">=</span> <span class="pl-en">m2</span> <span class="pl-c1">/\</span>
+              <span class="pl-en">equal</span> <span class="pl-en">u1</span> <span class="pl-en">v1</span> <span class="pl-c1">/\</span>
+              <span class="pl-en">equal</span> <span class="pl-en">u2</span> <span class="pl-en">v2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">FStar.Seq.</span><span class="pl-en">lemma_append_inj</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">u1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">u2</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">v1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">v2</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">head</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">{</span><span class="pl-en">l</span> &lt;&gt; <span class="pl-c1">0ul</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-en">a</span>
+  <span class="pl-c1">=</span> <span class="pl-en">v</span><span class="pl-c1">.[</span><span class="pl-c1">0ul</span><span class="pl-c1">]</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">tail</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">l</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">{</span><span class="pl-en">l</span> &lt;&gt; <span class="pl-c1">0ul</span><span class="pl-c1">})</span> <span class="pl-c1">(</span><span class="pl-en">v</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-smi">U32.</span><span class="pl-c1">(</span><span class="pl-en">l</span> <span class="pl-c1">-^</span> <span class="pl-c1">1ul</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-en">sub</span> <span class="pl-en">v</span> <span class="pl-c1">1ul</span> <span class="pl-en">l</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">head_append</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">v1</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l1</span><span class="pl-c1">{</span><span class="pl-en">l1</span> &lt;&gt; <span class="pl-c1">0ul</span><span class="pl-c1">})</span>
+    <span class="pl-c1">(</span><span class="pl-en">v2</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l2</span><span class="pl-c1">{</span><span class="pl-en">ok</span> <span class="pl-c1">(+)</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">head</span> <span class="pl-c1">(</span><span class="pl-en">v1</span>@<span class="pl-c1">|</span><span class="pl-en">v2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">head</span> <span class="pl-en">v1</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-c1">()</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">tail_append</span>
+    <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">l1</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(#</span><span class="pl-en">l2</span><span class="pl-c1">:</span><span class="pl-en">len_t</span><span class="pl-c1">)</span>
+    <span class="pl-c1">(</span><span class="pl-en">v1</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l1</span><span class="pl-c1">{</span><span class="pl-en">l1</span> &lt;&gt; <span class="pl-c1">0ul</span><span class="pl-c1">})</span>
+    <span class="pl-c1">(</span><span class="pl-en">v2</span><span class="pl-c1">:</span><span class="pl-en">raw</span> <span class="pl-en">a</span> <span class="pl-en">l2</span><span class="pl-c1">{</span><span class="pl-en">ok</span> <span class="pl-c1">(+)</span> <span class="pl-en">l1</span> <span class="pl-en">l2</span><span class="pl-c1">})</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span>
+    <span class="pl-c1">(</span><span class="pl-en">ensures</span> <span class="pl-c1">(</span><span class="pl-en">tail</span> <span class="pl-c1">(</span><span class="pl-en">v1</span>@<span class="pl-c1">|</span><span class="pl-en">v2</span><span class="pl-c1">)</span> <span class="pl-c1">==</span> <span class="pl-en">tail</span> <span class="pl-en">v1</span>@<span class="pl-c1">|</span><span class="pl-en">v2</span><span class="pl-c1">))</span>
+  <span class="pl-c1">=</span> <span class="pl-smi">Seq.</span><span class="pl-en">lemma_tail_append</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">v1</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">reveal</span> <span class="pl-en">v2</span><span class="pl-c1">)</span></pre></div>
+<blockquote>
+<p>and so on ...</p>
+</blockquote>
+
 </body>
 </html>
diff --git a/docs/FStar.Vector.html b/docs/FStar.Vector.html
index 864a1c1..5d2a694 100644
--- a/docs/FStar.Vector.html
+++ b/docs/FStar.Vector.html
@@ -1,16 +1,19 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.Vector</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.vector">module FStar.Vector</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<h1>
+<a id="user-content-fstarvector" class="anchor" href="#fstarvector" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.Vector</h1>
+<ul>
+<li>Includes module <a href="FStar.Vector.Base.html">FStar.Vector.Base</a>
+</li>
+<li>Includes module <a href="FStar.Vector.Properties.html">FStar.Vector.Properties</a>
+</li>
+</ul>
+
 </body>
 </html>
diff --git a/docs/FStar.WellFounded.html b/docs/FStar.WellFounded.html
index db95cc3..a8832fe 100644
--- a/docs/FStar.WellFounded.html
+++ b/docs/FStar.WellFounded.html
@@ -1,16 +1,144 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>FStar.WellFounded</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
-<h1 id="module-fstar.wellfounded">module FStar.WellFounded</h1>
-<p>fsdoc: no-summary-found</p>
-<p>fsdoc: no-comment-found</p>
+<p>Copyright 2015 Chantal Keller and Catalin Hritcu, Microsoft Research and Inria</p>
+<p>Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at</p>
+<pre><code>http://www.apache.org/licenses/LICENSE-2.0
+</code></pre>
+<p>Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.</p>
+<p>Defining accessibility predicates and well-founded recursion like in Coq
+<a href="https://coq.inria.fr/library/Coq.Init.Wf.html" rel="nofollow">https://coq.inria.fr/library/Coq.Init.Wf.html</a></p>
+<h1>
+<a id="user-content-fstarwellfounded" class="anchor" href="#fstarwellfounded" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>FStar.WellFounded</h1>
+<ul>
+<li>
+<p>Opens module <a href="FStar.Preorder.html">FStar.Preorder</a></p>
+</li>
+<li>
+<p>The accessibility relation</p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">acc</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">AccIntro</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-en">y</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">acc</span> <span class="pl-en">r</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">acc</span> <span class="pl-en">r</span> <span class="pl-en">x</span></pre></div>
+<ul>
+<li>A relation r is well-founded if every element is accessible</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">well_founded</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span> <span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">acc</span> <span class="pl-en">r</span> <span class="pl-en">x</span></pre></div>
+<ul>
+<li>Accessibility predicates can be used for implementing</li>
+<li>total fix points</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">acc_inv</span> <span class="pl-c1">(#</span><span class="pl-en">aa</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">aa</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">aa</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">acc</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">e</span><span class="pl-c1">:(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">aa</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-en">y</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">acc</span> <span class="pl-en">r</span> <span class="pl-en">y</span><span class="pl-c1">){</span><span class="pl-en">e</span> &lt;&lt; <span class="pl-en">a</span><span class="pl-c1">})</span>
+  <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">a</span> <span class="pl-k">with</span> <span class="pl-c1">|</span> <span class="pl-c1">AccIntro</span> <span class="pl-en">h1</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">h1</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">fix_F</span> <span class="pl-c1">(#</span><span class="pl-en">aa</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">aa</span><span class="pl-c1">)</span> <span class="pl-c1">(#</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">aa</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type))</span>
+              <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">aa</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">aa</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-en">y</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+              <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">aa</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:</span><span class="pl-en">acc</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-en">h</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">fix_F</span> <span class="pl-en">f</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">acc_inv</span> <span class="pl-en">x</span> <span class="pl-en">a</span> <span class="pl-en">y</span> <span class="pl-en">h</span><span class="pl-c1">))</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">fix</span> <span class="pl-c1">(#</span><span class="pl-en">aa</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">aa</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">rwf</span><span class="pl-c1">:</span><span class="pl-en">well_founded</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+        <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">aa</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">Type)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">aa</span> <span class="pl-c1">-&gt;</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">aa</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-en">y</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">p</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+        <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">aa</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">p</span> <span class="pl-en">x</span>
+  <span class="pl-c1">=</span> <span class="pl-en">fix_F</span> <span class="pl-en">f</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">rwf</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<ul>
+<li>An erasable version of the accessibility relation,</li>
+<li>may be well-suited when the relation is in squashed form,</li>
+<li>and when you want to use the internalized support for</li>
+<li>accessibility-based termination proofs in F*</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">[</span>@@ <span class="pl-en">erasable</span><span class="pl-c1">]</span>
+<span class="pl-k">noeq</span>
+<span class="pl-k">type</span> <span class="pl-en">acc_g</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Type</span> <span class="pl-c1">=</span>
+  <span class="pl-c1">|</span> <span class="pl-c1">AccIntro_g</span> <span class="pl-c1">:</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-en">y</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">acc_g</span> <span class="pl-en">r</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">acc_g</span> <span class="pl-en">r</span> <span class="pl-en">x</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">is_well_founded</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+  <span class="pl-k">forall</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">).</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">acc_g</span> <span class="pl-en">rel</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">type</span> <span class="pl-en">well_founded_relation</span> <span class="pl-c1">(</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">=</span> <span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">{</span><span class="pl-en">is_well_founded</span> <span class="pl-en">rel</span><span class="pl-c1">}</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--warn_error -271<span class="pl-pds">"</span></span>
+<span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">as_well_founded</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">rel</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">acc_g</span> <span class="pl-en">rel</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+  <span class="pl-c1">:</span> <span class="pl-en">well_founded_relation</span> <span class="pl-en">a</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">aux</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">acc_g</span> <span class="pl-en">rel</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+              <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">()]</span>
+      <span class="pl-c1">=</span> <span class="pl-smi">FStar.Squash.</span><span class="pl-en">return_squash</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-k">in</span>
+    <span class="pl-en">rel</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<ul>
+<li>
+<p>Opens module <a href="FStar.IndefiniteDescription.html">FStar.IndefiniteDescription</a></p>
+</li>
+<li>
+<p>Proofs that subrelation and inverse image commute with well-foundedness</p>
+</li>
+<li>
+</li>
+<li>
+<p>Reference: Constructing Recursion Operators in Type Theory, L. Paulson  JSC (1986) 2, 325-355</p>
+</li>
+</ul>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">subrelation_wf</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">r</span> <span class="pl-c1">#</span><span class="pl-en">sub_r</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">sub_w</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">sub_r</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">))</span>
+  <span class="pl-c1">(</span><span class="pl-en">r_wf</span><span class="pl-c1">:</span><span class="pl-en">well_founded</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">well_founded</span> <span class="pl-en">sub_r</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">aux</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">acc_r</span><span class="pl-c1">:</span><span class="pl-en">acc</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">acc</span> <span class="pl-en">sub_r</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">acc_r</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+      <span class="pl-c1">AccIntro</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-en">sub_r_y_x</span> <span class="pl-c1">-&gt;</span>
+        <span class="pl-en">aux</span> <span class="pl-en">y</span>
+          <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">acc_r</span> <span class="pl-k">with</span>
+           <span class="pl-c1">|</span> <span class="pl-c1">AccIntro</span> <span class="pl-en">f</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">sub_w</span> <span class="pl-en">y</span> <span class="pl-en">x</span> <span class="pl-en">sub_r_y_x</span><span class="pl-c1">)))</span> <span class="pl-k">in</span>
+    <span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">aux</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">r_wf</span> <span class="pl-en">x</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-c1">#</span><span class="pl-en">push</span><span class="pl-c1">-</span><span class="pl-en">options</span> <span class="pl-s"><span class="pl-pds">"</span>--warn_error -271<span class="pl-pds">"</span></span>
+<span class="pl-k">let</span> <span class="pl-en">subrelation_squash_wf</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">r</span> <span class="pl-c1">#</span><span class="pl-en">sub_r</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">sub_w</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">sub_r</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">r_wf</span><span class="pl-c1">:</span><span class="pl-en">well_founded</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-en">is_well_founded</span> <span class="pl-en">sub_r</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-en">aux</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span>
+      <span class="pl-c1">:</span> <span class="pl-c1">Lemma</span> <span class="pl-c1">(</span><span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">acc_g</span> <span class="pl-en">sub_r</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+              <span class="pl-c1">[</span><span class="pl-k">SMTPat</span> <span class="pl-c1">()]</span>
+      <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">acc_y</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">acc_r</span><span class="pl-c1">:</span><span class="pl-en">acc</span> <span class="pl-en">r</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:</span><span class="pl-en">sub_r</span> <span class="pl-en">y</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+          <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">acc_g</span> <span class="pl-en">sub_r</span> <span class="pl-en">y</span><span class="pl-c1">)</span>
+                <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">acc_r</span><span class="pl-c1">)</span>
+          <span class="pl-c1">=</span> <span class="pl-c1">AccIntro_g</span> <span class="pl-c1">(</span><span class="pl-en">acc_y</span> <span class="pl-en">y</span>
+              <span class="pl-c1">(</span><span class="pl-k">match</span> <span class="pl-en">acc_r</span> <span class="pl-k">with</span>
+               <span class="pl-c1">|</span> <span class="pl-c1">AccIntro</span> <span class="pl-en">f</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">f</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">elim_squash</span> <span class="pl-c1">(</span><span class="pl-en">sub_w</span> <span class="pl-en">y</span> <span class="pl-en">x</span> <span class="pl-en">p</span><span class="pl-c1">))))</span> <span class="pl-k">in</span>
+        <span class="pl-smi">Squash.</span><span class="pl-en">return_squash</span> <span class="pl-c1">(</span><span class="pl-c1">AccIntro_g</span> <span class="pl-c1">(</span><span class="pl-en">acc_y</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">r_wf</span> <span class="pl-en">x</span><span class="pl-c1">)))</span>
+    <span class="pl-k">in</span>
+    <span class="pl-c1">()</span>
+<span class="pl-c1">#</span><span class="pl-en">pop</span><span class="pl-c1">-</span><span class="pl-en">options</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">unfold</span>
+<span class="pl-k">let</span> <span class="pl-en">subrelation_as_wf</span> <span class="pl-c1">(#</span><span class="pl-en">a</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">r</span> <span class="pl-c1">#</span><span class="pl-en">sub_r</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">a</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">sub_w</span><span class="pl-c1">:(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">sub_r</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-k">squash</span> <span class="pl-c1">(</span><span class="pl-en">r</span> <span class="pl-en">x</span> <span class="pl-en">y</span><span class="pl-c1">)))</span>
+  <span class="pl-c1">(</span><span class="pl-en">r_wf</span><span class="pl-c1">:</span><span class="pl-en">well_founded</span> <span class="pl-en">r</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">well_founded_relation</span> <span class="pl-en">a</span>
+  <span class="pl-c1">=</span> <span class="pl-en">subrelation_squash_wf</span> <span class="pl-en">sub_w</span> <span class="pl-en">r_wf</span><span class="pl-c1">;</span>
+    <span class="pl-en">sub_r</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">inverse_image</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(</span><span class="pl-en">r_b</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span> <span class="pl-c1">:</span> <span class="pl-en">relation</span> <span class="pl-en">a</span> <span class="pl-c1">=</span>
+  <span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-en">y</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">r_b</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">y</span><span class="pl-c1">)</span></pre></div>
+<div class="highlight highlight-source-fstar"><pre><span class="pl-k">let</span> <span class="pl-en">inverse_image_wf</span> <span class="pl-c1">(#</span><span class="pl-en">a</span> <span class="pl-c1">#</span><span class="pl-en">b</span><span class="pl-c1">:Type)</span> <span class="pl-c1">(#</span><span class="pl-en">r_b</span><span class="pl-c1">:</span><span class="pl-en">relation</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">f</span><span class="pl-c1">:</span><span class="pl-en">a</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">(</span><span class="pl-en">r_b_wf</span><span class="pl-c1">:</span><span class="pl-en">well_founded</span> <span class="pl-en">r_b</span><span class="pl-c1">)</span>
+  <span class="pl-c1">:</span> <span class="pl-en">well_founded</span> <span class="pl-c1">(</span><span class="pl-en">inverse_image</span> <span class="pl-en">r_b</span> <span class="pl-en">f</span><span class="pl-c1">)</span>
+  <span class="pl-c1">=</span> <span class="pl-k">let</span> <span class="pl-k">rec</span> <span class="pl-en">aux</span> <span class="pl-c1">(</span><span class="pl-en">x</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">acc_r_b</span><span class="pl-c1">:</span><span class="pl-en">acc</span> <span class="pl-en">r_b</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">))</span>
+      <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">acc</span> <span class="pl-c1">(</span><span class="pl-en">inverse_image</span> <span class="pl-en">r_b</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+            <span class="pl-c1">(</span><span class="pl-en">decreases</span> <span class="pl-en">acc_r_b</span><span class="pl-c1">)</span> <span class="pl-c1">=</span>
+      <span class="pl-k">let</span> <span class="pl-en">get_acc_r_b_y</span> <span class="pl-c1">(</span><span class="pl-en">y</span><span class="pl-c1">:</span><span class="pl-en">a</span><span class="pl-c1">)</span> <span class="pl-c1">(</span><span class="pl-en">p</span><span class="pl-c1">:(</span><span class="pl-en">inverse_image</span> <span class="pl-en">r_b</span> <span class="pl-en">f</span><span class="pl-c1">)</span> <span class="pl-en">y</span> <span class="pl-en">x</span><span class="pl-c1">)</span>
+        <span class="pl-c1">:</span> <span class="pl-c1">Tot</span> <span class="pl-c1">(</span><span class="pl-en">acc_r_b_y</span><span class="pl-c1">:</span><span class="pl-en">acc</span> <span class="pl-en">r_b</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">y</span><span class="pl-c1">){</span><span class="pl-en">acc_r_b_y</span> &lt;&lt; <span class="pl-en">acc_r_b</span><span class="pl-c1">})</span>
+        <span class="pl-c1">=</span> <span class="pl-k">match</span> <span class="pl-en">acc_r_b</span> <span class="pl-k">with</span>
+          <span class="pl-c1">|</span> <span class="pl-c1">AccIntro</span> <span class="pl-en">g</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">g</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">y</span><span class="pl-c1">)</span> <span class="pl-en">p</span> <span class="pl-k">in</span>
+      <span class="pl-c1">AccIntro</span> <span class="pl-c1">(</span><span class="pl-k">fun</span> <span class="pl-en">y</span> <span class="pl-en">p</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">aux</span> <span class="pl-en">y</span> <span class="pl-c1">(</span><span class="pl-en">get_acc_r_b_y</span> <span class="pl-en">y</span> <span class="pl-en">p</span><span class="pl-c1">))</span> <span class="pl-k">in</span>
+    <span class="pl-k">fun</span> <span class="pl-en">x</span> <span class="pl-c1">-&gt;</span> <span class="pl-en">aux</span> <span class="pl-en">x</span> <span class="pl-c1">(</span><span class="pl-en">r_b_wf</span> <span class="pl-c1">(</span><span class="pl-en">f</span> <span class="pl-en">x</span><span class="pl-c1">))</span></pre></div>
+
 </body>
 </html>
diff --git a/docs/index.html b/docs/index.html
index a95eb18..ebc0d0c 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -1,54 +1,58 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <meta http-equiv="Content-Style-Type" content="text/css" />
-  <meta name="generator" content="pandoc" />
-  <title></title>
-  <style type="text/css">code{white-space: pre;}</style>
-  <link rel="stylesheet" href="style.ccs" type="text/css" />
+  <title>index</title>
+  <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
 <p><a href="FStar.Algebra.CommMonoid.html">FStar.Algebra.CommMonoid</a></p>
+<p><a href="FStar.Algebra.CommMonoid.Equiv.html">FStar.Algebra.CommMonoid.Equiv</a></p>
 <p><a href="FStar.Algebra.Monoid.html">FStar.Algebra.Monoid</a></p>
 <p><a href="FStar.All.html">FStar.All</a></p>
 <p><a href="FStar.BV.html">FStar.BV</a></p>
+<p><a href="FStar.BaseTypes.html">FStar.BaseTypes</a></p>
 <p><a href="FStar.BigOps.html">FStar.BigOps</a></p>
 <p><a href="FStar.BitVector.html">FStar.BitVector</a></p>
+<p><a href="FStar.Bytes.html">FStar.Bytes</a></p>
 <p><a href="FStar.Calc.html">FStar.Calc</a></p>
+<p><a href="FStar.Char.html">FStar.Char</a></p>
 <p><a href="FStar.Classical.html">FStar.Classical</a></p>
+<p><a href="FStar.Classical.Sugar.html">FStar.Classical.Sugar</a></p>
+<p><a href="FStar.Date.html">FStar.Date</a></p>
 <p><a href="FStar.DependentMap.html">FStar.DependentMap</a></p>
+<p><a href="FStar.Dyn.html">FStar.Dyn</a></p>
 <p><a href="FStar.Endianness.html">FStar.Endianness</a></p>
 <p><a href="FStar.Exn.html">FStar.Exn</a></p>
 <p><a href="FStar.Fin.html">FStar.Fin</a></p>
+<p><a href="FStar.Float.html">FStar.Float</a></p>
 <p><a href="FStar.FunctionalExtensionality.html">FStar.FunctionalExtensionality</a></p>
 <p><a href="FStar.GSet.html">FStar.GSet</a></p>
 <p><a href="FStar.Ghost.html">FStar.Ghost</a></p>
 <p><a href="FStar.Heap.html">FStar.Heap</a></p>
+<p><a href="FStar.HyperStack.html">FStar.HyperStack</a></p>
 <p><a href="FStar.HyperStack.All.html">FStar.HyperStack.All</a></p>
 <p><a href="FStar.HyperStack.ST.html">FStar.HyperStack.ST</a></p>
-<p><a href="FStar.HyperStack.html">FStar.HyperStack</a></p>
 <p><a href="FStar.IFC.html">FStar.IFC</a></p>
 <p><a href="FStar.IO.html">FStar.IO</a></p>
 <p><a href="FStar.IndefiniteDescription.html">FStar.IndefiniteDescription</a></p>
-<p><a href="FStar.Int.Cast.Full.html">FStar.Int.Cast.Full</a></p>
-<p><a href="FStar.Int.Cast.html">FStar.Int.Cast</a></p>
 <p><a href="FStar.Int.html">FStar.Int</a></p>
+<p><a href="FStar.Int.Cast.html">FStar.Int.Cast</a></p>
+<p><a href="FStar.Int.Cast.Full.html">FStar.Int.Cast.Full</a></p>
 <p><a href="FStar.Int128.html">FStar.Int128</a></p>
 <p><a href="FStar.Int16.html">FStar.Int16</a></p>
-<p><a href="FStar.Int31.html">FStar.Int31</a></p>
 <p><a href="FStar.Int32.html">FStar.Int32</a></p>
-<p><a href="FStar.Int63.html">FStar.Int63</a></p>
 <p><a href="FStar.Int64.html">FStar.Int64</a></p>
 <p><a href="FStar.Int8.html">FStar.Int8</a></p>
 <p><a href="FStar.Integers.html">FStar.Integers</a></p>
+<p><a href="FStar.LexicographicOrdering.html">FStar.LexicographicOrdering</a></p>
+<p><a href="FStar.List.html">FStar.List</a></p>
+<p><a href="FStar.List.Pure.html">FStar.List.Pure</a></p>
 <p><a href="FStar.List.Pure.Base.html">FStar.List.Pure.Base</a></p>
 <p><a href="FStar.List.Pure.Properties.html">FStar.List.Pure.Properties</a></p>
-<p><a href="FStar.List.Pure.html">FStar.List.Pure</a></p>
+<p><a href="FStar.List.Tot.html">FStar.List.Tot</a></p>
 <p><a href="FStar.List.Tot.Base.html">FStar.List.Tot.Base</a></p>
 <p><a href="FStar.List.Tot.Properties.html">FStar.List.Tot.Properties</a></p>
-<p><a href="FStar.List.Tot.html">FStar.List.Tot</a></p>
-<p><a href="FStar.List.html">FStar.List</a></p>
 <p><a href="FStar.MRef.html">FStar.MRef</a></p>
 <p><a href="FStar.Map.html">FStar.Map</a></p>
 <p><a href="FStar.MarkovsPrinciple.html">FStar.MarkovsPrinciple</a></p>
@@ -63,111 +67,79 @@
 <p><a href="FStar.Monotonic.HyperHeap.html">FStar.Monotonic.HyperHeap</a></p>
 <p><a href="FStar.Monotonic.HyperStack.html">FStar.Monotonic.HyperStack</a></p>
 <p><a href="FStar.Monotonic.Map.html">FStar.Monotonic.Map</a></p>
+<p><a href="FStar.Monotonic.Pure.html">FStar.Monotonic.Pure</a></p>
 <p><a href="FStar.Monotonic.Seq.html">FStar.Monotonic.Seq</a></p>
 <p><a href="FStar.Monotonic.Witnessed.html">FStar.Monotonic.Witnessed</a></p>
 <p><a href="FStar.Mul.html">FStar.Mul</a></p>
 <p><a href="FStar.Option.html">FStar.Option</a></p>
-<p><a href="FStar.OrdMap.html">FStar.OrdMap</a></p>
-<p><a href="FStar.OrdMapProps.html">FStar.OrdMapProps</a></p>
-<p><a href="FStar.OrdSet.html">FStar.OrdSet</a></p>
 <p><a href="FStar.OrdSetProps.html">FStar.OrdSetProps</a></p>
 <p><a href="FStar.Order.html">FStar.Order</a></p>
-<p><a href="FStar.Pervasives.Native.html">FStar.Pervasives.Native</a></p>
+<p><a href="FStar.PCM.html">FStar.PCM</a></p>
 <p><a href="FStar.Pervasives.html">FStar.Pervasives</a></p>
+<p><a href="FStar.Pervasives.Native.html">FStar.Pervasives.Native</a></p>
 <p><a href="FStar.PredicateExtensionality.html">FStar.PredicateExtensionality</a></p>
 <p><a href="FStar.Preorder.html">FStar.Preorder</a></p>
 <p><a href="FStar.Printf.html">FStar.Printf</a></p>
 <p><a href="FStar.PropositionalExtensionality.html">FStar.PropositionalExtensionality</a></p>
-<p><a href="FStar.Reader.html">FStar.Reader</a></p>
+<p><a href="FStar.Range.html">FStar.Range</a></p>
+<p><a href="FStar.Real.html">FStar.Real</a></p>
 <p><a href="FStar.Ref.html">FStar.Ref</a></p>
+<p><a href="FStar.Reflection.html">FStar.Reflection</a></p>
 <p><a href="FStar.Reflection.Arith.html">FStar.Reflection.Arith</a></p>
-<p><a href="FStar.Reflection.Basic.html">FStar.Reflection.Basic</a></p>
+<p><a href="FStar.Reflection.Builtins.html">FStar.Reflection.Builtins</a></p>
 <p><a href="FStar.Reflection.Const.html">FStar.Reflection.Const</a></p>
-<p><a href="FStar.Reflection.Data.html">FStar.Reflection.Data</a></p>
-<p><a href="FStar.Reflection.Derived.Lemmas.html">FStar.Reflection.Derived.Lemmas</a></p>
 <p><a href="FStar.Reflection.Derived.html">FStar.Reflection.Derived</a></p>
+<p><a href="FStar.Reflection.Derived.Lemmas.html">FStar.Reflection.Derived.Lemmas</a></p>
 <p><a href="FStar.Reflection.Formula.html">FStar.Reflection.Formula</a></p>
-<p><a href="FStar.Reflection.html">FStar.Reflection</a></p>
+<p><a href="FStar.Reflection.Types.html">FStar.Reflection.Types</a></p>
 <p><a href="FStar.ReflexiveTransitiveClosure.html">FStar.ReflexiveTransitiveClosure</a></p>
 <p><a href="FStar.ST.html">FStar.ST</a></p>
+<p><a href="FStar.Seq.html">FStar.Seq</a></p>
 <p><a href="FStar.Seq.Base.html">FStar.Seq.Base</a></p>
+<p><a href="FStar.Seq.Permutation.html">FStar.Seq.Permutation</a></p>
 <p><a href="FStar.Seq.Properties.html">FStar.Seq.Properties</a></p>
 <p><a href="FStar.Seq.Sorted.html">FStar.Seq.Sorted</a></p>
-<p><a href="FStar.Seq.html">FStar.Seq</a></p>
 <p><a href="FStar.Set.html">FStar.Set</a></p>
 <p><a href="FStar.Squash.html">FStar.Squash</a></p>
 <p><a href="FStar.SquashProperties.html">FStar.SquashProperties</a></p>
+<p><a href="FStar.String.html">FStar.String</a></p>
 <p><a href="FStar.StrongExcludedMiddle.html">FStar.StrongExcludedMiddle</a></p>
 <p><a href="FStar.TSet.html">FStar.TSet</a></p>
+<p><a href="FStar.Tactics.html">FStar.Tactics</a></p>
 <p><a href="FStar.Tactics.Arith.html">FStar.Tactics.Arith</a></p>
 <p><a href="FStar.Tactics.BV.html">FStar.Tactics.BV</a></p>
 <p><a href="FStar.Tactics.Builtins.html">FStar.Tactics.Builtins</a></p>
 <p><a href="FStar.Tactics.Canon.html">FStar.Tactics.Canon</a></p>
-<p><a href="FStar.Tactics.CanonCommMonoid.html">FStar.Tactics.CanonCommMonoid</a></p>
-<p><a href="FStar.Tactics.CanonCommMonoidSimple.html">FStar.Tactics.CanonCommMonoidSimple</a></p>
 <p><a href="FStar.Tactics.CanonCommSemiring.html">FStar.Tactics.CanonCommSemiring</a></p>
 <p><a href="FStar.Tactics.CanonCommSwaps.html">FStar.Tactics.CanonCommSwaps</a></p>
 <p><a href="FStar.Tactics.CanonMonoid.html">FStar.Tactics.CanonMonoid</a></p>
+<p><a href="FStar.Tactics.Common.html">FStar.Tactics.Common</a></p>
 <p><a href="FStar.Tactics.Derived.html">FStar.Tactics.Derived</a></p>
 <p><a href="FStar.Tactics.Effect.html">FStar.Tactics.Effect</a></p>
 <p><a href="FStar.Tactics.Logic.html">FStar.Tactics.Logic</a></p>
 <p><a href="FStar.Tactics.PatternMatching.html">FStar.Tactics.PatternMatching</a></p>
+<p><a href="FStar.Tactics.Print.html">FStar.Tactics.Print</a></p>
 <p><a href="FStar.Tactics.Result.html">FStar.Tactics.Result</a></p>
 <p><a href="FStar.Tactics.Simplifier.html">FStar.Tactics.Simplifier</a></p>
 <p><a href="FStar.Tactics.SyntaxHelpers.html">FStar.Tactics.SyntaxHelpers</a></p>
 <p><a href="FStar.Tactics.Typeclasses.html">FStar.Tactics.Typeclasses</a></p>
+<p><a href="FStar.Tactics.Types.html">FStar.Tactics.Types</a></p>
 <p><a href="FStar.Tactics.Util.html">FStar.Tactics.Util</a></p>
-<p><a href="FStar.Tactics.html">FStar.Tactics</a></p>
+<p><a href="FStar.Tcp.html">FStar.Tcp</a></p>
 <p><a href="FStar.UInt.html">FStar.UInt</a></p>
 <p><a href="FStar.UInt128.html">FStar.UInt128</a></p>
 <p><a href="FStar.UInt16.html">FStar.UInt16</a></p>
-<p><a href="FStar.UInt31.html">FStar.UInt31</a></p>
 <p><a href="FStar.UInt32.html">FStar.UInt32</a></p>
-<p><a href="FStar.UInt63.html">FStar.UInt63</a></p>
 <p><a href="FStar.UInt64.html">FStar.UInt64</a></p>
 <p><a href="FStar.UInt8.html">FStar.UInt8</a></p>
+<p><a href="FStar.Udp.html">FStar.Udp</a></p>
 <p><a href="FStar.Universe.html">FStar.Universe</a></p>
 <p><a href="FStar.Util.html">FStar.Util</a></p>
+<p><a href="FStar.VConfig.html">FStar.VConfig</a></p>
+<p><a href="FStar.Vector.html">FStar.Vector</a></p>
 <p><a href="FStar.Vector.Base.html">FStar.Vector.Base</a></p>
 <p><a href="FStar.Vector.Properties.html">FStar.Vector.Properties</a></p>
-<p><a href="FStar.Vector.html">FStar.Vector</a></p>
 <p><a href="FStar.WellFounded.html">FStar.WellFounded</a></p>
-<p><a href="FStar.BV.html">FStar.BV</a></p>
-<p><a href="FStar.BaseTypes.html">FStar.BaseTypes</a></p>
-<p><a href="FStar.BigOps.html">FStar.BigOps</a></p>
-<p><a href="FStar.Bytes.html">FStar.Bytes</a></p>
-<p><a href="FStar.Char.html">FStar.Char</a></p>
-<p><a href="FStar.Classical.html">FStar.Classical</a></p>
-<p><a href="FStar.Date.html">FStar.Date</a></p>
-<p><a href="FStar.Dyn.html">FStar.Dyn</a></p>
-<p><a href="FStar.Endianness.html">FStar.Endianness</a></p>
-<p><a href="FStar.Float.html">FStar.Float</a></p>
-<p><a href="FStar.FunctionalExtensionality.html">FStar.FunctionalExtensionality</a></p>
-<p><a href="FStar.GSet.html">FStar.GSet</a></p>
-<p><a href="FStar.Ghost.html">FStar.Ghost</a></p>
-<p><a href="FStar.HyperStack.ST.html">FStar.HyperStack.ST</a></p>
-<p><a href="FStar.Map.html">FStar.Map</a></p>
-<p><a href="FStar.Math.Euclid.html">FStar.Math.Euclid</a></p>
-<p><a href="FStar.Math.Fermat.html">FStar.Math.Fermat</a></p>
-<p><a href="FStar.Modifies.html">FStar.Modifies</a></p>
-<p><a href="FStar.ModifiesGen.html">FStar.ModifiesGen</a></p>
-<p><a href="FStar.Monotonic.DependentMap.html">FStar.Monotonic.DependentMap</a></p>
-<p><a href="FStar.Monotonic.Heap.html">FStar.Monotonic.Heap</a></p>
-<p><a href="FStar.Monotonic.HyperHeap.html">FStar.Monotonic.HyperHeap</a></p>
-<p><a href="FStar.Monotonic.HyperStack.html">FStar.Monotonic.HyperStack</a></p>
-<p><a href="FStar.Monotonic.Witnessed.html">FStar.Monotonic.Witnessed</a></p>
-<p><a href="FStar.Range.html">FStar.Range</a></p>
-<p><a href="FStar.Real.html">FStar.Real</a></p>
-<p><a href="FStar.Reflection.Types.html">FStar.Reflection.Types</a></p>
-<p><a href="FStar.ReflexiveTransitiveClosure.html">FStar.ReflexiveTransitiveClosure</a></p>
-<p><a href="FStar.Set.html">FStar.Set</a></p>
-<p><a href="FStar.Squash.html">FStar.Squash</a></p>
-<p><a href="FStar.String.html">FStar.String</a></p>
-<p><a href="FStar.Tactics.Types.html">FStar.Tactics.Types</a></p>
-<p><a href="FStar.Tcp.html">FStar.Tcp</a></p>
-<p><a href="FStar.UInt128.html">FStar.UInt128</a></p>
-<p><a href="FStar.Udp.html">FStar.Udp</a></p>
-<p><a href="FStar.Universe.html">FStar.Universe</a></p>
-<p><a href="FStar.Vector.Base.html">FStar.Vector.Base</a></p>
+
 </body>
 </html>

From aa586ca61db5f28e928381d07cf7a93f99b219a0 Mon Sep 17 00:00:00 2001
From: Mark Gritter <mgritter@gmail.com>
Date: Sun, 7 Nov 2021 16:00:03 -0600
Subject: [PATCH 2/3] Add introductions to index file, extracted from
 individual MD files

---
 docs/index.html | 42 ++++++++++++++++++++++--------------------
 1 file changed, 22 insertions(+), 20 deletions(-)

diff --git a/docs/index.html b/docs/index.html
index ebc0d0c..628079f 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -6,36 +6,38 @@
   <style>@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}</style>
 </head>
 <body>
+<h1>
+<a id="user-content-f-standard-library-modules" class="anchor" href="#f-standard-library-modules" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>F* standard library modules</h1>
 <p><a href="FStar.Algebra.CommMonoid.html">FStar.Algebra.CommMonoid</a></p>
 <p><a href="FStar.Algebra.CommMonoid.Equiv.html">FStar.Algebra.CommMonoid.Equiv</a></p>
 <p><a href="FStar.Algebra.Monoid.html">FStar.Algebra.Monoid</a></p>
 <p><a href="FStar.All.html">FStar.All</a></p>
-<p><a href="FStar.BV.html">FStar.BV</a></p>
-<p><a href="FStar.BaseTypes.html">FStar.BaseTypes</a></p>
-<p><a href="FStar.BigOps.html">FStar.BigOps</a></p>
-<p><a href="FStar.BitVector.html">FStar.BitVector</a></p>
+<p><a href="FStar.BV.html">FStar.BV</a> --  This module defines an abstract type of length-indexed bit vectors.</p>
+<p><a href="FStar.BaseTypes.html">FStar.BaseTypes</a> --  This module aggregates commonly used primitive type constants into a single module, providing abbreviations for them.</p>
+<p><a href="FStar.BigOps.html">FStar.BigOps</a> --  This library provides propositional connectives over finite sets expressed as lists, aka "big operators", in analogy with LaTeX usage for \bigand, \bigor, etc.</p>
+<p><a href="FStar.BitVector.html">FStar.BitVector</a> --  This module defines a bit vector as a sequence of booleans of a given length, and provides various utilities.</p>
 <p><a href="FStar.Bytes.html">FStar.Bytes</a></p>
 <p><a href="FStar.Calc.html">FStar.Calc</a></p>
-<p><a href="FStar.Char.html">FStar.Char</a></p>
-<p><a href="FStar.Classical.html">FStar.Classical</a></p>
-<p><a href="FStar.Classical.Sugar.html">FStar.Classical.Sugar</a></p>
-<p><a href="FStar.Date.html">FStar.Date</a></p>
-<p><a href="FStar.DependentMap.html">FStar.DependentMap</a></p>
+<p><a href="FStar.Char.html">FStar.Char</a> --  This module provides the <code>char</code> type, an abstract type representing UTF-8 characters.</p>
+<p><a href="FStar.Classical.html">FStar.Classical</a> --  This module provides various utilities to manipulate the squashed logical connectives <code>==&gt;</code>, <code>/\</code>, <code>\/</code>, <code>forall</code>, <code>exists</code> and <code>==</code>, defined in Prims in terms of the <code>squash</code> type.</p>
+<p><a href="FStar.Classical.Sugar.html">FStar.Classical.Sugar</a> --  This module provides a few combinators that are targeted by the desugaring phase of the F* front end</p>
+<p><a href="FStar.Date.html">FStar.Date</a> --  A module providing primitives for dates and times</p>
+<p><a href="FStar.DependentMap.html">FStar.DependentMap</a> --  This module provides an abstract type of maps whose co-domain depends on the value of each key.</p>
 <p><a href="FStar.Dyn.html">FStar.Dyn</a></p>
-<p><a href="FStar.Endianness.html">FStar.Endianness</a></p>
+<p><a href="FStar.Endianness.html">FStar.Endianness</a> --  A library of lemmas for reasoning about sequences of machine integers and their (little|big)-endian representation as a sequence of bytes.</p>
 <p><a href="FStar.Exn.html">FStar.Exn</a></p>
-<p><a href="FStar.Fin.html">FStar.Fin</a></p>
-<p><a href="FStar.Float.html">FStar.Float</a></p>
-<p><a href="FStar.FunctionalExtensionality.html">FStar.FunctionalExtensionality</a></p>
+<p><a href="FStar.Fin.html">FStar.Fin</a> --  This module is supposed to contain various lemmas about finiteness.</p>
+<p><a href="FStar.Float.html">FStar.Float</a> --  Support for floating point numbers in F* is nearly non-existent.</p>
+<p><a href="FStar.FunctionalExtensionality.html">FStar.FunctionalExtensionality</a> --  Functional extensionality asserts the equality of pointwise-equal functions.</p>
 <p><a href="FStar.GSet.html">FStar.GSet</a></p>
-<p><a href="FStar.Ghost.html">FStar.Ghost</a></p>
+<p><a href="FStar.Ghost.html">FStar.Ghost</a> --  This module provides an erased type to abstract computationally irrelevant values.</p>
 <p><a href="FStar.Heap.html">FStar.Heap</a></p>
 <p><a href="FStar.HyperStack.html">FStar.HyperStack</a></p>
 <p><a href="FStar.HyperStack.All.html">FStar.HyperStack.All</a></p>
 <p><a href="FStar.HyperStack.ST.html">FStar.HyperStack.ST</a></p>
-<p><a href="FStar.IFC.html">FStar.IFC</a></p>
+<p><a href="FStar.IFC.html">FStar.IFC</a> --  FStar.IFC provides a simple, generic abstraction for monadic information-flow control based on a user-defined (semi-)lattice of information flow labels.</p>
 <p><a href="FStar.IO.html">FStar.IO</a></p>
-<p><a href="FStar.IndefiniteDescription.html">FStar.IndefiniteDescription</a></p>
+<p><a href="FStar.IndefiniteDescription.html">FStar.IndefiniteDescription</a> --  Indefinite description is an axiom that allows picking a witness for existentially quantified predicate.</p>
 <p><a href="FStar.Int.html">FStar.Int</a></p>
 <p><a href="FStar.Int.Cast.html">FStar.Int.Cast</a></p>
 <p><a href="FStar.Int.Cast.Full.html">FStar.Int.Cast.Full</a></p>
@@ -45,7 +47,7 @@
 <p><a href="FStar.Int64.html">FStar.Int64</a></p>
 <p><a href="FStar.Int8.html">FStar.Int8</a></p>
 <p><a href="FStar.Integers.html">FStar.Integers</a></p>
-<p><a href="FStar.LexicographicOrdering.html">FStar.LexicographicOrdering</a></p>
+<p><a href="FStar.LexicographicOrdering.html">FStar.LexicographicOrdering</a> --  This module proves that lexicographic ordering is well-founded   (i.e. every element is accessible)</p>
 <p><a href="FStar.List.html">FStar.List</a></p>
 <p><a href="FStar.List.Pure.html">FStar.List.Pure</a></p>
 <p><a href="FStar.List.Pure.Base.html">FStar.List.Pure.Base</a></p>
@@ -92,7 +94,7 @@
 <p><a href="FStar.Reflection.Derived.Lemmas.html">FStar.Reflection.Derived.Lemmas</a></p>
 <p><a href="FStar.Reflection.Formula.html">FStar.Reflection.Formula</a></p>
 <p><a href="FStar.Reflection.Types.html">FStar.Reflection.Types</a></p>
-<p><a href="FStar.ReflexiveTransitiveClosure.html">FStar.ReflexiveTransitiveClosure</a></p>
+<p><a href="FStar.ReflexiveTransitiveClosure.html">FStar.ReflexiveTransitiveClosure</a> --  This module defines the reflexive transitive closure of a relation.</p>
 <p><a href="FStar.ST.html">FStar.ST</a></p>
 <p><a href="FStar.Seq.html">FStar.Seq</a></p>
 <p><a href="FStar.Seq.Base.html">FStar.Seq.Base</a></p>
@@ -100,7 +102,7 @@
 <p><a href="FStar.Seq.Properties.html">FStar.Seq.Properties</a></p>
 <p><a href="FStar.Seq.Sorted.html">FStar.Seq.Sorted</a></p>
 <p><a href="FStar.Set.html">FStar.Set</a></p>
-<p><a href="FStar.Squash.html">FStar.Squash</a></p>
+<p><a href="FStar.Squash.html">FStar.Squash</a> --  The module provides an interface to work with <code>squash</code> types, F*'s representation for proof-irrelevant propositions.</p>
 <p><a href="FStar.SquashProperties.html">FStar.SquashProperties</a></p>
 <p><a href="FStar.String.html">FStar.String</a></p>
 <p><a href="FStar.StrongExcludedMiddle.html">FStar.StrongExcludedMiddle</a></p>
@@ -110,7 +112,7 @@
 <p><a href="FStar.Tactics.BV.html">FStar.Tactics.BV</a></p>
 <p><a href="FStar.Tactics.Builtins.html">FStar.Tactics.Builtins</a></p>
 <p><a href="FStar.Tactics.Canon.html">FStar.Tactics.Canon</a></p>
-<p><a href="FStar.Tactics.CanonCommSemiring.html">FStar.Tactics.CanonCommSemiring</a></p>
+<p><a href="FStar.Tactics.CanonCommSemiring.html">FStar.Tactics.CanonCommSemiring</a> --  A tactic to solve equalities on a commutative semiring (a, +, *, 0, 1)</p>
 <p><a href="FStar.Tactics.CanonCommSwaps.html">FStar.Tactics.CanonCommSwaps</a></p>
 <p><a href="FStar.Tactics.CanonMonoid.html">FStar.Tactics.CanonMonoid</a></p>
 <p><a href="FStar.Tactics.Common.html">FStar.Tactics.Common</a></p>

From 06840b4f5c655b25ced2189a552251c6d3945c6c Mon Sep 17 00:00:00 2001
From: Mark Gritter <mgritter@gmail.com>
Date: Sun, 7 Nov 2021 18:09:16 -0600
Subject: [PATCH 3/3] Add github CSS instead of embedding it in every file.

---
 docs/gh-style.css | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 docs/gh-style.css

diff --git a/docs/gh-style.css b/docs/gh-style.css
new file mode 100644
index 0000000..27b8023
--- /dev/null
+++ b/docs/gh-style.css
@@ -0,0 +1 @@
+@charset "utf-8"; .gist{font-size:16px;color:#333;text-align:left;/*!* GitHub Light v0.4.1 * Copyright(c) 2012 - 2017 GitHub,Inc. * Licensed under MIT(https://github.com/primer/github-syntax-theme-generator/blob/master/LICENSE) */ direction:ltr}.gist .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;font-size:16px;line-height:1.5;word-wrap:break-word}.gist .markdown-body kbd{display:inline-block;padding:3px 5px;font:11px SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;line-height:10px;color:#444d56;vertical-align:middle;background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da}.gist .markdown-body:before{display:table;content:""}.gist .markdown-body:after{display:table;clear:both;content:""}.gist .markdown-body>:first-child{margin-top:0 !important}.gist .markdown-body>:last-child{margin-bottom:0 !important}.gist .markdown-body a:not([href]){color:inherit;text-decoration:none}.gist .markdown-body .absent{color:#cb2431}.gist .markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.gist .markdown-body .anchor:focus{outline:none}.gist .markdown-body blockquote,.gist .markdown-body details,.gist .markdown-body dl,.gist .markdown-body ol,.gist .markdown-body p,.gist .markdown-body pre,.gist .markdown-body table,.gist .markdown-body ul{margin-top:0;margin-bottom:16px}.gist .markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e1e4e8;border:0}.gist .markdown-body blockquote{padding:0 1em;color:#6a737d;border-left:.25em solid #dfe2e5}.gist .markdown-body blockquote>:first-child{margin-top:0}.gist .markdown-body blockquote>:last-child{margin-bottom:0}.gist .markdown-body h1,.gist .markdown-body h2,.gist .markdown-body h3,.gist .markdown-body h4,.gist .markdown-body h5,.gist .markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.gist .markdown-body h1 .octicon-link,.gist .markdown-body h2 .octicon-link,.gist .markdown-body h3 .octicon-link,.gist .markdown-body h4 .octicon-link,.gist .markdown-body h5 .octicon-link,.gist .markdown-body h6 .octicon-link{color:#1b1f23;vertical-align:middle;visibility:hidden}.gist .markdown-body h1:hover .anchor,.gist .markdown-body h2:hover .anchor,.gist .markdown-body h3:hover .anchor,.gist .markdown-body h4:hover .anchor,.gist .markdown-body h5:hover .anchor,.gist .markdown-body h6:hover .anchor{text-decoration:none}.gist .markdown-body h1:hover .anchor .octicon-link,.gist .markdown-body h2:hover .anchor .octicon-link,.gist .markdown-body h3:hover .anchor .octicon-link,.gist .markdown-body h4:hover .anchor .octicon-link,.gist .markdown-body h5:hover .anchor .octicon-link,.gist .markdown-body h6:hover .anchor .octicon-link{visibility:visible}.gist .markdown-body h1 code,.gist .markdown-body h1 tt,.gist .markdown-body h2 code,.gist .markdown-body h2 tt,.gist .markdown-body h3 code,.gist .markdown-body h3 tt,.gist .markdown-body h4 code,.gist .markdown-body h4 tt,.gist .markdown-body h5 code,.gist .markdown-body h5 tt,.gist .markdown-body h6 code,.gist .markdown-body h6 tt{font-size:inherit}.gist .markdown-body h1{font-size:2em}.gist .markdown-body h1,.gist .markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eaecef}.gist .markdown-body h2{font-size:1.5em}.gist .markdown-body h3{font-size:1.25em}.gist .markdown-body h4{font-size:1em}.gist .markdown-body h5{font-size:.875em}.gist .markdown-body h6{font-size:.85em;color:#6a737d}.gist .markdown-body ol,.gist .markdown-body ul{padding-left:2em}.gist .markdown-body ol.no-list,.gist .markdown-body ul.no-list{padding:0;list-style-type:none}.gist .markdown-body ol ol,.gist .markdown-body ol ul,.gist .markdown-body ul ol,.gist .markdown-body ul ul{margin-top:0;margin-bottom:0}.gist .markdown-body li{word-wrap:break-all}.gist .markdown-body li>p{margin-top:16px}.gist .markdown-body li+li{margin-top:.25em}.gist .markdown-body dl{padding:0}.gist .markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:600}.gist .markdown-body dl dd{padding:0 16px;margin-bottom:16px}.gist .markdown-body table{display:block;width:100%;overflow:auto}.gist .markdown-body table th{font-weight:600}.gist .markdown-body table td,.gist .markdown-body table th{padding:6px 13px;border:1px solid #dfe2e5}.gist .markdown-body table tr{background-color:#fff;border-top:1px solid #c6cbd1}.gist .markdown-body table tr:nth-child(2n){background-color:#f6f8fa}.gist .markdown-body table img{background-color:initial}.gist .markdown-body img{max-width:100%;box-sizing:initial;background-color:#fff}.gist .markdown-body img[align=right]{padding-left:20px}.gist .markdown-body img[align=left]{padding-right:20px}.gist .markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:initial}.gist .markdown-body span.frame{display:block;overflow:hidden}.gist .markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #dfe2e5}.gist .markdown-body span.frame span img{display:block;float:left}.gist .markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#24292e}.gist .markdown-body span.align-center{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.gist .markdown-body span.align-center span img{margin:0 auto;text-align:center}.gist .markdown-body span.align-right{display:block;overflow:hidden;clear:both}.gist .markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.gist .markdown-body span.align-right span img{margin:0;text-align:right}.gist .markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.gist .markdown-body span.float-left span{margin:13px 0 0}.gist .markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.gist .markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.gist .markdown-body code,.gist .markdown-body tt{padding:.2em .4em;margin:0;font-size:85%;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body code br,.gist .markdown-body tt br{display:none}.gist .markdown-body del code{text-decoration:inherit}.gist .markdown-body pre{word-wrap:normal}.gist .markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.gist .markdown-body .highlight{margin-bottom:16px}.gist .markdown-body .highlight pre{margin-bottom:0;word-break:normal}.gist .markdown-body .highlight pre,.gist .markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f6f8fa;border-radius:3px}.gist .markdown-body pre code,.gist .markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:#f6f8fa;border:0}.gist .markdown-body .csv-data td,.gist .markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.gist .markdown-body .csv-data .blob-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.gist .markdown-body .csv-data tr{border-top:0}.gist .markdown-body .csv-data th{font-weight:600;background:#f6f8fa;border-top:0}.gist .pl-c{color:#6a737d}.gist .pl-c1,.gist .pl-s .pl-v{color:#005cc5}.gist .pl-e,.gist .pl-en{color:#6f42c1}.gist .pl-s .pl-s1,.gist .pl-smi{color:#24292e}.gist .pl-ent{color:#22863a}.gist .pl-k{color:#d73a49}.gist .pl-pds,.gist .pl-s,.gist .pl-s .pl-pse .pl-s1,.gist .pl-sr,.gist .pl-sr .pl-cce,.gist .pl-sr .pl-sra,.gist .pl-sr .pl-sre{color:#032f62}.gist .pl-smw,.gist .pl-v{color:#e36209}.gist .pl-bu{color:#b31d28}.gist .pl-ii{color:#fafbfc;background-color:#b31d28}.gist .pl-c2{color:#fafbfc;background-color:#d73a49}.gist .pl-c2:before{content:"^M"}.gist .pl-sr .pl-cce{font-weight:700;color:#22863a}.gist .pl-ml{color:#735c0f}.gist .pl-mh,.gist .pl-mh .pl-en,.gist .pl-ms{font-weight:700;color:#005cc5}.gist .pl-mi{font-style:italic;color:#24292e}.gist .pl-mb{font-weight:700;color:#24292e}.gist .pl-md{color:#b31d28;background-color:#ffeef0}.gist .pl-mi1{color:#22863a;background-color:#f0fff4}.gist .pl-mc{color:#e36209;background-color:#ffebda}.gist .pl-mi2{color:#f6f8fa;background-color:#005cc5}.gist .pl-mdr{font-weight:700;color:#6f42c1}.gist .pl-ba{color:#586069}.gist .pl-sg{color:#959da5}.gist .pl-corl{text-decoration:underline;color:#032f62}.gist .breadcrumb{font-size:16px;color:#586069}.gist .breadcrumb .separator{white-space:pre-wrap}.gist .breadcrumb .separator:after,.gist .breadcrumb .separator:before{content:" "}.gist .breadcrumb strong.final-path{color:#24292e}.gist strong{font-weight:bolder}.gist .editor-abort{display:inline;font-size:14px}.gist .blob-interaction-bar{position:relative;background-color:#f2f2f2;border-bottom:1px solid #e5e5e5}.gist .blob-interaction-bar:before{display:table;content:""}.gist .blob-interaction-bar:after{display:table;clear:both;content:""}.gist .blob-interaction-bar .octicon-search{position:absolute;top:10px;left:10px;font-size:12px;color:#586069}.gist .blob-filter{width:100%;padding:4px 20px 5px 30px;font-size:12px;border:0;border-radius:0;outline:none}.gist .blob-filter:focus{outline:none}.gist .html-blob{margin-bottom:15px}.gist .TagsearchPopover{width:inherit;max-width:600px}.gist .TagsearchPopover-content{max-height:300px}.gist .TagsearchPopover-list .TagsearchPopover-list-item:hover{background-color:#f6f8fa}.gist .TagsearchPopover-list .TagsearchPopover-list-item .TagsearchPopover-item:hover{text-decoration:none}.gist .TagsearchPopover-list .blob-code-inner{white-space:pre-wrap}.gist .linejump .linejump-input{width:340px;background-color:#fafbfc}.gist .linejump .btn,.gist .linejump .linejump-input{padding:10px 15px;font-size:16px}.gist .CopyBlock{line-height:20px;cursor:pointer}.gist .CopyBlock .octicon-clippy{display:none}.gist .CopyBlock:active,.gist .CopyBlock:focus,.gist .CopyBlock:hover{background-color:#fff;outline:none}.gist .CopyBlock:active .octicon-clippy,.gist .CopyBlock:focus .octicon-clippy,.gist .CopyBlock:hover .octicon-clippy{display:inline-block}.gist .blob-wrapper{overflow-x:auto;overflow-y:hidden}.gist .page-blob.height-full .blob-wrapper{overflow-y:auto}.gist .page-edit-blob.height-full .CodeMirror{height:300px}.gist .page-edit-blob.height-full .CodeMirror,.gist .page-edit-blob.height-full .CodeMirror-scroll{display:flex;flex-direction:column;flex:1 1 auto}.gist .blob-wrapper-embedded{max-height:240px;overflow-y:auto}.gist .diff-table{width:100%;border-collapse:initial}.gist .diff-table .line-comments{padding:10px;vertical-align:top;border-top:1px solid #e1e4e8}.gist .diff-table .line-comments:first-child+.empty-cell{border-left-width:1px}.gist .diff-table tr:not(:last-child) .line-comments{border-top:1px solid #e1e4e8;border-bottom:1px solid #e1e4e8}.gist .blob-num{width:1%;min-width:50px;padding-right:10px;padding-left:10px;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;line-height:20px;color:rgba(27,31,35,.3);text-align:right;white-space:nowrap;vertical-align:top;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gist .blob-num:hover{color:rgba(27,31,35,.6)}.gist .blob-num:before{content:attr(data-line-number)}.gist .blob-num.non-expandable{cursor:default}.gist .blob-num.non-expandable:hover{color:rgba(27,31,35,.3)}.gist .blob-code{position:relative;padding-right:10px;padding-left:10px;line-height:20px;vertical-align:top}.gist .blob-code-inner{overflow:visible;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;color:#24292e;word-wrap:normal;white-space:pre}.gist .blob-code-inner .x-first{border-top-left-radius:.2em;border-bottom-left-radius:.2em}.gist .blob-code-inner .x-last{border-top-right-radius:.2em;border-bottom-right-radius:.2em}.gist .blob-code-inner.highlighted,.gist .blob-code-inner .highlighted{background-color:#fffbdd}.gist .blob-code-marker:before{padding-right:8px;content:attr(data-code-marker)}.gist .blob-code-marker-addition:before{content:"+ "}.gist .blob-code-marker-deletion:before{content:"- "}.gist .blob-code-marker-context:before{content:" "}.gist .soft-wrap .diff-table{table-layout:fixed}.gist .soft-wrap .blob-code{padding-left:18px;text-indent:-7px}.gist .soft-wrap .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .soft-wrap .no-nl-marker{display:none}.gist .soft-wrap .add-line-comment{margin-left:-28px}.gist .blob-code-hunk,.gist .blob-num-expandable,.gist .blob-num-hunk{color:rgba(27,31,35,.7);vertical-align:middle}.gist .blob-num-expandable,.gist .blob-num-hunk{background-color:#dbedff}.gist .blob-code-hunk{padding-top:4px;padding-bottom:4px;background-color:#f1f8ff;border-width:1px 0}.gist .blob-expanded .blob-code,.gist .blob-expanded .blob-num{background-color:#fafbfc}.gist .blob-expanded+tr:not(.blob-expanded) .blob-code,.gist .blob-expanded+tr:not(.blob-expanded) .blob-num,.gist .blob-expanded .blob-num-hunk,.gist tr:not(.blob-expanded)+.blob-expanded .blob-code,.gist tr:not(.blob-expanded)+.blob-expanded .blob-num{border-top:1px solid #eaecef}.gist .blob-num-expandable{padding:0;font-size:12px;text-align:center}.gist .blob-num-expandable .diff-expander{display:block;width:auto;height:auto;padding:4px 11px 4px 10px;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .diff-expander .octicon{vertical-align:top}.gist .blob-num-expandable .directional-expander{display:block;width:auto;height:auto;margin-right:-1px;color:#586069;cursor:pointer}.gist .blob-num-expandable .single-expander{padding-top:4px;padding-bottom:4px}.gist .blob-num-expandable .diff-expander:hover,.gist .blob-num-expandable .directional-expander:hover{color:#fff;text-shadow:none;background-color:#0366d6;border-color:#0366d6}.gist .blob-code-addition{background-color:#e6ffed}.gist .blob-code-addition .x{color:#24292e;background-color:#acf2bd}.gist .blob-num-addition{background-color:#cdffd8;border-color:#bef5cb}.gist .blob-code-deletion{background-color:#ffeef0}.gist .blob-code-deletion .x{color:#24292e;background-color:#fdb8c0}.gist .blob-num-deletion{background-color:#ffdce0;border-color:#fdaeb7}.gist .is-selecting,.gist .is-selecting .blob-num{cursor:ns-resize !important}.gist .is-selecting .add-line-comment,.gist .is-selecting a{pointer-events:none;cursor:ns-resize !important}.gist .is-selecting .is-hovered .add-line-comment{opacity:0}.gist .is-selecting.file-diff-split,.gist .is-selecting.file-diff-split .blob-num{cursor:nwse-resize !important}.gist .is-selecting.file-diff-split .add-line-comment,.gist .is-selecting.file-diff-split .empty-cell,.gist .is-selecting.file-diff-split a{pointer-events:none;cursor:nwse-resize !important}.gist .selected-line{position:relative}.gist .selected-line:after{position:absolute;top:0;left:0;display:block;width:100%;height:100%;box-sizing:border-box;pointer-events:none;content:"";background:rgba(255,223,93,.2);mix-blend-mode:multiply}.gist .selected-line.selected-line-top:after{border-top:1px solid #ffd33d}.gist .selected-line.selected-line-bottom:after{border-bottom:1px solid #ffd33d}.gist .selected-line.selected-line-left:after,.gist .selected-line:first-child:after{border-left:1px solid #ffd33d}.gist .selected-line.selected-line-right:after,.gist .selected-line:last-child:after{border-right:1px solid #ffd33d}.gist .is-commenting .selected-line.blob-code:before{position:absolute;top:0;left:-1px;display:block;width:4px;height:100%;content:"";background:#0366d6}.gist .add-line-comment{position:relative;z-index:5;float:left;width:22px;height:22px;margin:-2px -10px -2px -20px;line-height:21px;color:#fff;text-align:center;text-indent:0;cursor:pointer;background-color:#0366d6;background-image:linear-gradient(#0372ef,#0366d6);border-radius:3px;box-shadow:0 1px 4px rgba(27,31,35,.15);opacity:0;transition:transform .1s ease-in-out;transform:scale(.8)}.gist .add-line-comment:hover{transform:scale(1)}.gist .add-line-comment:focus,.is-hovered .gist .add-line-comment{opacity:1}.gist .add-line-comment .octicon{vertical-align:text-top;pointer-events:none}.gist .add-line-comment.octicon-check{background:#333;opacity:1}.gist .inline-comment-form{border:1px solid #dfe2e5;border-radius:3px}.gist .inline-review-comment{margin-top:0 !important;margin-bottom:10px !important}.gist .inline-review-comment .gc:first-child+tr .blob-code,.gist .inline-review-comment .gc:first-child+tr .blob-num{padding-top:5px}.gist .inline-review-comment tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code,.gist .inline-review-comment tr:last-child .blob-num{padding-bottom:8px}.gist .inline-review-comment tr:last-child .blob-code:first-child,.gist .inline-review-comment tr:last-child .blob-num:first-child{border-bottom-left-radius:3px}.gist .inline-review-comment tr:last-child .blob-code:last-child,.gist .inline-review-comment tr:last-child .blob-num:last-child{border-bottom-right-radius:3px}.gist .timeline-inline-comments{width:100%;table-layout:fixed}.gist .show-inline-notes .inline-comments,.gist .timeline-inline-comments .inline-comments{display:table-row}.gist .inline-comments,.gist .inline-comments.is-collapsed{display:none}.gist .inline-comments .line-comments.is-collapsed{visibility:hidden}.gist .inline-comments .line-comments+.blob-num{border-left-width:1px}.gist .inline-comments .timeline-comment{margin-bottom:10px}.gist .comment-holder,.gist .inline-comments .inline-comment-form,.gist .inline-comments .inline-comment-form-container{max-width:780px}.gist .empty-cell+.line-comments,.gist .line-comments+.line-comments{border-left:1px solid #eaecef}.gist .inline-comment-form-container .inline-comment-form,.gist .inline-comment-form-container.open .inline-comment-form-actions{display:none}.gist .inline-comment-form-container .inline-comment-form-actions,.gist .inline-comment-form-container.open .inline-comment-form{display:block}.gist body.full-width .container,.gist body.full-width .container-lg,.gist body.full-width .container-xl,.gist body.split-diff .container,.gist body.split-diff .container-lg,.gist body.split-diff .container-xl{width:100%;max-width:none;padding-right:20px;padding-left:20px}.gist body.full-width .repository-content,.gist body.split-diff .repository-content{width:100%}.gist body.full-width .new-pr-form,.gist body.split-diff .new-pr-form{max-width:980px}.gist .file-diff-split{table-layout:fixed}.gist .file-diff-split .blob-code+.blob-num{border-left:1px solid #f6f8fa}.gist .file-diff-split .blob-code-inner{word-wrap:break-word;white-space:pre-wrap}.gist .file-diff-split .empty-cell{cursor:default;background-color:#fafbfc;border-right-color:#eaecef}@media (max-width:1280px){.gist .file-diff-split .write-selected .comment-form-head{margin-bottom:48px !important}.gist .file-diff-split markdown-toolbar{position:absolute;right:8px;bottom:-40px}}.gist .submodule-diff-stats .octicon-diff-removed{color:#cb2431}.gist .submodule-diff-stats .octicon-diff-renamed{color:#677a85}.gist .submodule-diff-stats .octicon-diff-modified{color:#d0b44c}.gist .submodule-diff-stats .octicon-diff-added{color:#28a745}.gist .BlobToolbar{left:-17px}.gist .BlobToolbar-dropdown{margin-left:-2px}.gist .code-navigation-banner{background:linear-gradient(180deg,rgba(242,248,254,0),rgba(242,248,254,.47))}.gist .code-navigation-banner .code-navigation-banner-illo{background-image:url(code-navigation-banner-illo.svg);background-repeat:no-repeat;background-position:50%}.gist .pl-token.active,.gist .pl-token:hover{cursor:pointer;background:#ffea7f}.gist .task-list-item{list-style-type:none}.gist .task-list-item label{font-weight:400}.gist .task-list-item.enabled label{cursor:pointer}.gist .task-list-item+.task-list-item{margin-top:3px}.gist .task-list-item .handle{display:none}.gist .task-list-item-checkbox{margin:0 .2em .25em -1.6em;vertical-align:middle}.gist .reorderable-task-lists .markdown-body .contains-task-list{padding:0}.gist .reorderable-task-lists .markdown-body li:not(.task-list-item){margin-left:26px}.gist .reorderable-task-lists .markdown-body ol:not(.contains-task-list) li,.gist .reorderable-task-lists .markdown-body ul:not(.contains-task-list) li{margin-left:0}.gist .reorderable-task-lists .markdown-body li p{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item{padding-right:15px;padding-left:42px;margin-right:-15px;margin-left:-15px;border:1px solid transparent}.gist .reorderable-task-lists .markdown-body .task-list-item+.task-list-item{margin-top:0}.gist .reorderable-task-lists .markdown-body .task-list-item .contains-task-list{padding-top:4px}.gist .reorderable-task-lists .markdown-body .task-list-item .handle{display:block;float:left;width:20px;padding:2px 0 0 2px;margin-left:-43px;opacity:0}.gist .reorderable-task-lists .markdown-body .task-list-item .drag-handle{fill:#333}.gist .reorderable-task-lists .markdown-body .task-list-item.hovered>.handle{opacity:1}.gist .reorderable-task-lists .markdown-body .task-list-item.is-dragging{opacity:0}.gist .review-comment-contents .markdown-body .task-list-item{padding-left:42px;margin-right:-12px;margin-left:-12px;border-top-left-radius:3px;border-bottom-left-radius:3px}.gist .review-comment-contents .markdown-body .task-list-item.hovered{border-left-color:#ededed}.gist .highlight{padding:0;margin:0;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;font-size:12px;font-weight:400;line-height:1.4;color:#333;background:#fff;border:0}.gist .octospinner,.gist .render-viewer-error,.gist .render-viewer-fatal,.gist .render-viewer-invalid{display:none}.gist iframe.render-viewer{width:100%;height:480px;overflow:hidden;border:0}.gist code,.gist pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace !important}.gist .gist-meta{padding:10px;overflow:hidden;font:12px -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji;color:#586069;background-color:#f7f7f7;border-radius:0 0 3px 3px}.gist .gist-meta a{font-weight:600;color:#666;text-decoration:none;border:0}.gist .gist-data{overflow:auto;word-wrap:normal;background-color:#fff;border-bottom:1px solid #ddd;border-radius:3px 3px 0 0}.gist .gist-file{margin-bottom:1em;font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,monospace;border:1px solid;border-color:#ddd #ddd #ccc;border-radius:3px}.gist .gist-file article{padding:6px}.gist .gist-file .scroll .gist-data{position:absolute;top:0;right:0;bottom:30px;left:0;overflow:scroll}.gist .gist-file .scroll .gist-meta{position:absolute;right:0;bottom:0;left:0}.gist .blob-num{min-width:inherit}.gist .blob-code,.gist .blob-num{padding:1px 10px !important;background:transparent}.gist .blob-code{text-align:left;border:0}.gist .blob-wrapper table{border-collapse:collapse}.gist table,.gist table tr,.gist table tr td,.gist table tr th{border-collapse:collapse}.gist .blob-wrapper tr:first-child td{padding-top:4px}.gist .markdown-body .anchor{display:none}